[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Interesting idea for a covert channel or I justdidn't research enough?
- To: Aditya Deshmukh <adityad2005@xxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Interesting idea for a covert channel or I justdidn't research enough?
- From: Thierry Zoller <Thierry@xxxxxxxxxxxx>
- Date: Sat, 8 Oct 2005 15:27:51 +0200
Dear Aditya Deshmukh,
AD> Aren't these all different versions of portknocking ? All of
AD> them work untill someone outside can figure out the pattern of
AD> events - at most I would call this security by obscurity -
Leveraged to real portknocking, i.e "encrypted payloads" (time based)
in different SYN, FYN, etc packets to different ports, you can't
easily get the pattern. Thus it leverages the "protection" over a
level that can be seen as security though obscurity. That said
you competely ignore that the Port 22 if open is not a security hole
itself. By hiding it you protect yourself from "possible" threads.
AD> Trivial to detect but good enough for some low security
AD> requirements
Proof it.
--
Thierry Zoller
mailto:Thierry@xxxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/