Vulnerability Development mailing list archives
Re: Covert Channels
From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Wed, 23 Oct 2002 17:45:17 -0400 (EDT)
On Wed, 23 Oct 2002, Roland Postle wrote:
> I disagree. How do you detect an attack (involving a low level buffer overflow etc..) that rides inside an encrypted session?
The whole issue of IDSes (and virus scanners) dealing with encrypted sessions (SSL, SSH, PGP mail, etc) is a mess in all aspects - no matter whether you talk about attack detection, covert channel detection, policy enforcement, etc, and it's a tough call - either a matter of host-based analysis on the endpoint; complex key management and transparent decryption; using centralized encryption mechanisms, or such. My statement applied only to sessions that can be viewed, either on the wire or on the endpoint. Yes, saying this may be too much, yet I still stand by the opinion this is the case in general, to which there may be some fairly specific exceptions.
> Once again privacy and protection come head to head. Using encryption compromises your network,
Compromises the infrastructure, protects the information. You can't have privacy with compromised infrastructure, you can't have privacy if your sessions are being watched or tampered with... Don't we all love that?;)

--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2002-10-23 17:36 --