Message-ID: <43456621.7c2cd742.65f6.1b44@mx.gmail.com>
Date: Thu Oct 6 19:00:09 2005
From: pmelson at gmail.com (Paul Melson)
Subject: Interesting idea for a covert channel or I just didn't research enough?
-----Original Message-----
> I bring this up because the logs generated by the firewall do not necessarily reside
> only on the device that received the sender's packets. With lots of organizations
> working on centralizing log events so that they can correlate findings from different
> platforms, the ability to control the content of portions of log messages (say, for
> example, the source address reported in a syslog message indicating a dropped packet)
> could provide a vector for communicating to highly trusted systems to which one has no
> direct network access.
The problem with this type of hiding-in-plain-sight covert channel is that
it is subject to modification between sender and recipient, in this specific
case making the victim the man in the middle. An aware victim could quickly
become an attacker. The malware applications of this are moderately
interesting but the implications of this type of communication model in
espionage are extremely interesting. All sorts of implications and impacts
(for instance, a double agent might intentionally use this type of
communication because it's easily intercepted and modified). I would guess
that if there is a book on covert channels for spies out there, this is in
the chapter of things NOT to do.
PaulM