[163719] in North American Network Operators' Group
Re: huawei
daemon@ATHENA.MIT.EDU (Scott Helms)
Fri Jun 14 19:51:58 2013
In-Reply-To: <CAAAwwbVWsGcJsOqn0Z0uXkiqGcTr8d7EVtXD_Up_5ATe0fsqTg@mail.gmail.com>
Date: Fri, 14 Jun 2013 19:51:22 -0400
From: Scott Helms <khelms@zcorum.com>
To: Jimmy Hess <mysidia@gmail.com>
Cc: NANOG <nanog@nanog.org>
Really? In a completely controlled network then yes, but not in a
production system. There is far too much random noise and actual latency
for that to be feasible.
On Jun 14, 2013 7:35 PM, "Jimmy Hess" <mysidia@gmail.com> wrote:
> On 6/14/13, Scott Helms <khelms@zcorum.com> wrote:
>
> > backdoors (intentional or not) are in most if not all gear. Having said
> > that, it would still be pretty obvious en masse and over time to have
> > packets going to a predesignated host. It's not really possible for a box
> > to know whether it's in a "real" network or a lab with Spirent or other
> > traffic generator hooked to it.
>
> It wouldn't have to send packets to a predefined host.
>
> Conceivably, it could leak bits of information by modulating the
> timing of packets forwarded by it; the spacing in times of packets
> from simple legitimate HTTP, DNS, or ICMP response, from behind the
> router, for protocols involving multiple RTTs, could be used to
> encode bits of information to be transmitted covertly.
>
> Furthermore, the signalling to start communicating over the
> "timing based" hidden channel could be established in various
> ways that would thoroughly disguise the malicious nature of the
> attacker's signalling.
>
> --
> -JH
>
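
A monitoring-side sketch of the disagreement in this thread, added here as an example and not written by either poster: it scores a capture of inter-packet gaps for two-level structure (the signature of gaps being switched between two values) and shows how path jitter changes that score. The function names, the 10 ms and 20 ms gap levels, the jitter figures and all sample data are constructed assumptions.

```python
import random
import statistics

def two_cluster_ratio(gaps, iterations=25):
    """1-D 2-means over inter-packet gaps (ms).

    Returns within-cluster variance / total variance. A value near 0 means
    the gaps sit at two distinct levels; ordinary traffic scores far higher.
    """
    total = statistics.pvariance(gaps)
    lo, hi = min(gaps), max(gaps)
    if total == 0 or lo == hi:
        return 1.0  # constant spacing carries no two-level signal
    for _ in range(iterations):
        cut = (lo + hi) / 2
        a = [g for g in gaps if g <= cut]
        b = [g for g in gaps if g > cut]
        lo, hi = statistics.fmean(a), statistics.fmean(b)
    within = sum((g - lo) ** 2 for g in a) + sum((g - hi) ** 2 for g in b)
    return within / (len(gaps) * total)

def sample_gaps(kind, n=1000, seed=1):
    """Constructed, reproducible sample captures (not real traffic)."""
    rng = random.Random(seed)
    if kind == "background":
        # Poisson-like arrivals with a 15 ms mean gap
        return [rng.expovariate(1 / 15.0) for _ in range(n)]
    # Gaps switched between two levels, plus Gaussian path jitter:
    # 0.3 ms stands in for a quiet lab segment, 6 ms for a noisy path.
    jitter = 0.3 if kind == "modulated_lab" else 6.0
    return [max(0.0, rng.choice((10.0, 20.0)) + rng.gauss(0, jitter))
            for _ in range(n)]

if __name__ == "__main__":
    for kind in ("background", "modulated_lab", "modulated_noisy"):
        score = two_cluster_ratio(sample_gaps(kind))
        flag = "two-level timing" if score < 0.05 else "no clear structure"
        print(f"{kind:16s} ratio={score:.4f}  {flag}")
```

On the constructed lab-like capture the ratio falls close to zero, while the noisy-path capture scores in the same range as ordinary background traffic.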