Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Interesting idea for a covert channel or I justdidn't research enough?
From: Thierry Zoller <Thierry () sniff-em com>
Date: Sat, 8 Oct 2005 15:27:51 +0200

Dear Aditya Deshmukh,

AD> Aren't these all different versions of portknocking ? All of 
AD> them work untill someone outside can figure out the pattern of 
AD> events - at most I would call this security by obscurity -
Leveraged to real portknocking, i.e "encrypted payloads" (time based)
in different SYN, FYN, etc packets to different ports, you can't
easily get the pattern. Thus it leverages the "protection" over a
level that can be seen as security though obscurity. That said
you competely ignore that the Port 22 if open is not a security hole
itself. By hiding it you protect yourself from "possible" threads.

AD> Trivial to detect but good enough for some low security
AD> requirements
Proof it.

Thierry Zoller
mailto:Thierry () sniff-em com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]