On 6/14/13, Scott Helms <khelms () zcorum com> wrote:
> backdoors (intentional or not) are in most if not all gear. Having said
> that, it would still be pretty obvious in mass and over time to have
> packets going to a predesignated host. It's not really possible for a box
> to know whether it's in a "real" network or a lab with Spirent or other
> traffic generator hooked to it.

It wouldn't have to send packets to a predefined host.
Conceivably, it could leak bits of information by modulating the
timing of packets forwarded by it; the spacing in time of packets
from simple legitimate HTTP, DNS, or ICMP responses from behind the
router, for protocols involving multiple RTTs, could be used to
encode bits of information to be transmitted covertly.
Furthermore, the signalling to start communicating over the
"timing based" hidden channel could be established in various
ways that would thoroughly disguise the malicious nature of the