Vulnerability Development mailing list archives
Re: Covert Channels
From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 23 Oct 2002 10:28:51 -0700
Jose Nazario wrote:
for the reasons clearly stated by several bright individuals on this topic previously, any product which claims to detect and defeat covert channels on a network (or even a multiuser system) is snake oil.
No more than an IDS vendor. An IDS does not stop, or even detect, all intrusions. A covert channel detector would be the same thing (and would probably just be an IDS add-on.) That is, it would detect known covert channel methods, might have some logic to detect some possible unknown attempts. It would have frequent signature updates, etc... you know the drill.
If someone thinks an IDS is useful (and I'm not trying to say they aren't) then there is no reason to think a covert channel detector wouldn't be useful for the same reason.
BB
Current thread:
- RE: Covert Channels, (continued)
- RE: Covert Channels Dom De Vitto (Oct 19)
- Re: Covert Channels Craig Baltes (Oct 17)
- Re: Covert Channels CJ Oster (Oct 17)
- Re: Covert Channels Rohit Sharma (Oct 17)
- Re: Covert Channels Chris Reining (Oct 18)
- Re: Covert Channels Darryl Luff (Oct 18)
- Re: Covert Channels Valdis . Kletnieks (Oct 18)
- Re: Covert Channels Jeff Nathan (Oct 19)
- Re: Covert Channels Frank Knobbe (Oct 23)
- Re: Covert Channels Jose Nazario (Oct 23)
- Re: Covert Channels Blue Boar (Oct 23)
- Re: Covert Channels Michal Zalewski (Oct 23)
- Re: Covert Channels Blue Boar (Oct 23)
- Re: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Omar Herrera (Oct 23)
- RE: Covert Channels Cade Cairns (Oct 24)
- Re: Covert Channels Jose Nazario (Oct 23)
- Re: Covert Channels Roland Postle (Oct 23)
- Re: Covert Channels Michal Zalewski (Oct 23)
- Message not available
- Message not available
- Re: Covert Channels Anton Aylward (Oct 23)
- Re: Covert Channels Blue Boar (Oct 23)
- Re: Covert Channels Michal Zalewski (Oct 23)