Vulnerability Development mailing list archives
RE: Covert Channels
From: Jeff Nathan <jeff () wwti com>
Date: Fri, 18 Oct 2002 09:45:52 -0700
--On Thursday, October 17, 2002 21:02:16 +0100 Dom De Vitto <dom () DeVitto com> wrote:

> [...]
> I'd also suggest you check out cutting edge anti-IDS techniques, including using urgent data points and boundary anomalies to cause IDSs to reform data streams differently to OS IP stacks.
> [...]
> Dom
> - - - - - - - - - - - - - - - - - -
> Dom De Vitto Tel. 07855 805 271
> http://www.devitto.com mailto:dom () devitto com
> - - - - - - - - - - - - - - - - - -

I wouldn't want to nit-pick but in the case of stream reassembly evasion and NIDS evasion in general, those sorts of techniques are at least 4 years old. In the case of urgent data there still may be some valid evasion techniques lingering from historical implementations but their result will largely be an off-by-one in the handling of urgent data for strictly RFC compliant stacks.

An inline device, of course, doesn't suffer from these issues. It simply enforces a policy, including that of dropping packets that aren't quite right.

-Jeff

--
http://jeff.wwti.com (pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen." - Albert Einstein
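The urgent-data off-by-one mentioned in the message above, as an added example that is not part of the original post: RFC 793 describes the urgent pointer as pointing to the octet after the urgent data, while RFC 1122 says it points to the last urgent octet, so a passive sensor and an end host can disagree on which byte leaves the in-band stream. The function names, the simplified one-byte out-of-band model and the sample segment are assumptions constructed for illustration.

```python
import struct

URG = 0x20  # URG bit in the TCP flags byte


def parse_tcp(segment: bytes):
    """Return (flags, urgent_pointer, payload) from a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    urg_ptr = struct.unpack("!H", segment[18:20])[0]
    return segment[13], urg_ptr, segment[data_offset:]


def inband_views(payload: bytes, urg_ptr: int) -> dict:
    """In-band bytes under three readings of the urgent pointer.
    Assumed model: one byte is delivered out of band (no SO_OOBINLINE)
    and only this segment is considered, not later ones."""
    def drop(i):
        return payload[:i] + payload[i + 1:] if 0 <= i < len(payload) else payload
    return {
        "ignores_urg": payload,             # sensor that never looks at URG
        "rfc793_style": drop(urg_ptr - 1),  # pointer = octet after urgent data
        "rfc1122_style": drop(urg_ptr),     # pointer = last urgent octet
    }


def inspect(segment: bytes) -> dict:
    """Report whether a segment carries URG and whether the readings diverge.
    An inline normalizer would drop such a segment or clear URG; a passive
    sensor should at least alert, since it cannot know the host's reading."""
    flags, urg_ptr, payload = parse_tcp(segment)
    if not flags & URG:
        return {"urg": False, "divergent": False, "views": {"ignores_urg": payload}}
    views = inband_views(payload, urg_ptr)
    return {"urg": True, "divergent": len(set(views.values())) > 1, "views": views}


def build_segment(payload: bytes, flags: int, urg_ptr: int) -> bytes:
    """Constructed sample input: 20-byte TCP header (no options) plus payload."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, urg_ptr) + payload


if __name__ == "__main__":
    report = inspect(build_segment(b"ABCDEF", 0x38, 3))  # URG|PSH|ACK, pointer 3
    for name, data in report["views"].items():
        print(f"{name:14} {data!r}")
```

When the urgent pointer refers to a byte beyond the current segment, this single-segment model reports no divergence, so a real sensor has to track the pointer against the reassembled stream.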