mailing list archives
Re: Interesting idea for a covert channel or I justdidn't research enough?
From: Thierry Zoller <Thierry () sniff-em com>
Date: Sat, 8 Oct 2005 15:27:51 +0200
Dear Aditya Deshmukh,
AD> Aren't these all different versions of portknocking ? All of
AD> them work untill someone outside can figure out the pattern of
AD> events - at most I would call this security by obscurity -
Leveraged to real portknocking, i.e "encrypted payloads" (time based)
in different SYN, FYN, etc packets to different ports, you can't
easily get the pattern. Thus it leverages the "protection" over a
level that can be seen as security though obscurity. That said
you competely ignore that the Port 22 if open is not a security hole
itself. By hiding it you protect yourself from "possible" threads.
AD> Trivial to detect but good enough for some low security
mailto:Thierry () sniff-em com
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Re: Interesting idea for a covert channel or I just didn't research enough?, (continued)