On Wed, 2002-10-23 at 16:29, Michal Zalewski wrote: > On Wed, 23 Oct 2002, Richard Masoner wrote: > > > In the Trusted Systems world, covert channel analysis and detection is > > something that is done, and in that community it's considered science, > > not snake oil. > > The discussion, as far as I recall, is about typical (n)IDS > implementations that protect regular servers, trying to detect any hidden > data streams established between two network endpoints. There are only two > cases where this kind of detection would be useful compromised internal > host, or a hostile user. Whether it makes sense to discuss and/or deploy > this functionality, is one of the subjects of the discussion. Quite so. If you think of something like frequency-agile radio, we have the case of a covert channel where neither endpoint is "compromised" and the purpose of the technology in this case is to remain undetectable (by the channels being barely above background noise) and untappable (since something like a one-time pad is used to control channel switching). /anton
This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 14:56:30 PDT