Home page logo

nanog logo nanog mailing list archives

Re: huawei
From: Scott Helms <khelms () zcorum com>
Date: Fri, 14 Jun 2013 19:51:22 -0400

Really? In a completely controlled network then yes, but not in a
production system.  There is far too much random noise and actual latency
for that to be feasible.
On Jun 14, 2013 7:35 PM, "Jimmy Hess" <mysidia () gmail com> wrote:

On 6/14/13, Scott Helms <khelms () zcorum com> wrote:

backdoors (intentional or not) are in most if not all gear.  Having said
that, it would still be pretty obvious in mass and over time to have
packets going to a predesignated host.  Its not really possible for a box
to know whether its in a "real" network or a lab with Spirent or other
traffic generator hooked to it.

It wouldn't have to send packets to a predefined host.

Conceivably,  it could leak  bits of information by modulating the
timing of packets forwarded by it,  the spacing in times of packets
from simple legitimate HTTP,  DNS, or ICMP response,  from behind the
router,  for protocols involving multiple RTTs,  could be   used to
encode bits of information to be transmitted covertly.

;   furthermore,  the signalling  to start communicating over the
"timing based" hidden channel,   could be established   in various
ways that would thoroughly disguise the malicious nature of the
attacker's signalling.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]