huawei

Jimmy Hess mysidia at gmail.com
Fri Jun 14 23:35:38 UTC 2013


On 6/14/13, Scott Helms <khelms at zcorum.com> wrote:

> backdoors (intentional or not) are in most if not all gear.  Having said
> that, it would still be pretty obvious in mass and over time to have
> packets going to a predesignated host.  It's not really possible for a box
> to know whether it's in a "real" network or a lab with Spirent or other
> traffic generator hooked to it.

It wouldn't have to send packets to a predefined host.

Conceivably, it could leak bits of information by modulating the
timing of packets forwarded by it; the spacing in time of packets
from simple legitimate HTTP, DNS, or ICMP responses from behind the
router, for protocols involving multiple RTTs, could be used to
encode bits of information to be transmitted covertly.

Furthermore, the signalling to start communicating over the
"timing based" hidden channel could be established in various
ways that would thoroughly disguise the malicious nature of the
attacker's signalling.

--
-JH
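
One way a monitoring point could look for the packet-spacing modulation described in the message above, as an added example that is not part of the original thread: it checks whether a flow's inter-packet gaps collapse onto two tight levels instead of spreading out the way ordinary traffic does. The function names, the thresholds and both sample flows are assumptions constructed for illustration.

```python
import random
from statistics import fmean, pvariance

def inter_arrival_gaps(timestamps):
    """Gaps in seconds between consecutive packet timestamps of one flow."""
    ts = sorted(timestamps)
    return [b - a for a, b in zip(ts, ts[1:])]

def two_level_score(gaps, max_iter=50):
    """Split gaps into two clusters (1-D 2-means) and return (variance left
    inside the clusters / total variance, smaller cluster's share of gaps)."""
    if len(gaps) < 20 or pvariance(gaps) ** 0.5 < 1e-6 * fmean(gaps):
        return 1.0, 0.0  # too little data, or (near-)perfectly periodic traffic
    lo, hi = min(gaps), max(gaps)  # seed the two centres at the extremes
    for _ in range(max_iter):
        mid = (lo + hi) / 2
        a = [g for g in gaps if g <= mid]
        b = [g for g in gaps if g > mid]
        new_lo, new_hi = fmean(a), fmean(b)
        if (new_lo, new_hi) == (lo, hi):
            break
        lo, hi = new_lo, new_hi
    within = (sum((g - lo) ** 2 for g in a) + sum((g - hi) ** 2 for g in b)) / len(gaps)
    return within / pvariance(gaps), min(len(a), len(b)) / len(gaps)

def looks_two_level(timestamps, max_ratio=0.05, min_share=0.10):
    """Flag a flow whose gaps sit on two tight levels (hypothetical thresholds)."""
    ratio, share = two_level_score(inter_arrival_gaps(timestamps))
    return ratio < max_ratio and share >= min_share

def constructed_flow(gap_fn, n=200, seed=7):
    """Constructed sample data: n gaps drawn from gap_fn, turned into timestamps."""
    rng, t, out = random.Random(seed), 0.0, [0.0]
    for _ in range(n):
        t += gap_fn(rng)
        out.append(t)
    return out

# Constructed flows: ordinary bursty traffic vs. gaps held at two levels with jitter.
ORDINARY = constructed_flow(lambda r: r.expovariate(25.0))
TWO_LEVEL = constructed_flow(lambda r: r.choice((0.020, 0.060)) + r.uniform(-0.002, 0.002))

if __name__ == "__main__":
    for name, flow in (("ordinary", ORDINARY), ("two-level", TWO_LEVEL)):
        print(name, two_level_score(inter_arrival_gaps(flow)), looks_two_level(flow))
```

A check like this only catches the crudest two-level encoding measured close to the device; jitter added by later hops and encodings that mimic normal gap distributions need longer observation windows and distribution-shape tests.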