Home page logo

nanog logo nanog mailing list archives

Re: huawei
From: Scott Helms <khelms () zcorum com>
Date: Thu, 13 Jun 2013 22:11:37 -0400

Targeted how without an active C&C system?
On Jun 13, 2013 10:01 PM, "Jimmy Hess" <mysidia () gmail com> wrote:

On 6/13/13, Patrick W. Gilmore <patrick () ianai net> wrote:
It should be trivial to prove to yourself the box is, or is not, doing
something evil if you actually try.

What if it's not doing anything evil  99% of the time... after all
90%+ of traffic may be of no interest to a potential adversary, but
there is a backdoor mechanism that allows "targetted evilness"  to be

Sniffing on a targetted IP address can be disguised as "legitimate"
return traffic, to a connection actually initiated from the "backdoor
data interaction point" to some other web server,  creating a ruse..

A low-bandwidth fabricated  return flow  on top of the legitimate
return flow once every few months, or every few days is extremely
likely to go unnoticed,  on any  network that has a significantly
large amount of normal production traffic.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]