IDS: Re: Detecting covert data channels?

Re: Detecting covert data channels?

From: <jasonj_at_hotmail.com>
Date: 8 Jul 2007 09:05:33 -0000
If the data is encoded in the header then it might be very difficult to check for the presence of covert channels. www.2factor.us/tunnel.html has discussed and implemented such a system, wherein a malicious covert channel is established by the unused header fields and the channel is encrypted.

One of the solutions (discussed at www.2factor.us/tunnel) for the IPS can be to normalize or enforce policies in the unused header fields. This can prevent the malicious covert channel.

Received on Jul 12 2007
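
The normalization idea from the message above, sketched as an added example (not code from the poster or from the 2factor.us page). The choice of fields is an assumption, since the message does not name them: the IPv4 reserved flag, the TCP reserved bits, and the urgent pointer when URG is clear. It also assumes an unfragmented IPv4 datagram whose byte length equals its total length.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def normalize_ipv4_tcp(packet: bytes):
    """Zero unused IPv4/TCP header fields; return (clean_packet, findings)."""
    pkt, findings = bytearray(packet), []
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return bytes(pkt), findings            # not IPv4 carrying TCP: untouched
    ihl = (pkt[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        return bytes(pkt), findings            # malformed or truncated headers
    if pkt[6] & 0x80:                          # IPv4 reserved flag, must be zero
        findings.append("ip.reserved_flag")
        pkt[6] &= 0x7F
    if pkt[ihl + 12] & 0x0F:                   # TCP reserved bits (RFC 9293 Rsrvd)
        findings.append("tcp.reserved_bits")
        pkt[ihl + 12] &= 0xF0
    urg = pkt[ihl + 13] & 0x20                 # urgent pointer only valid with URG
    if not urg and pkt[ihl + 18:ihl + 20] != b"\x00\x00":
        findings.append("tcp.urgent_pointer_without_URG")
        pkt[ihl + 18:ihl + 20] = b"\x00\x00"
    if findings:                               # headers changed: redo checksums
        pkt[10:12] = b"\x00\x00"
        pkt[10:12] = struct.pack("!H", checksum(bytes(pkt[:ihl])))
        pseudo = bytes(pkt[12:20]) + struct.pack("!BBH", 0, 6, len(pkt) - ihl)
        pkt[ihl + 16:ihl + 18] = b"\x00\x00"
        pkt[ihl + 16:ihl + 18] = struct.pack(
            "!H", checksum(pseudo + bytes(pkt[ihl:])))
    return bytes(pkt), findings

# Constructed sample: SYN with all three unused fields carrying data.
SAMPLE = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x8000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + \
         struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x55, 0x02, 8192, 0, 0xBEEF)

if __name__ == "__main__":
    clean, found = normalize_ipv4_tcp(SAMPLE)
    print(found, clean.hex())
```

The findings list doubles as a detection signal: an inline device can forward the cleaned packet while logging which fields arrived non-zero.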
