Re: Anti-spyware at the Gateway
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: Anti-spyware at the Gateway

From: Sebastian Gottschalk <seppi@seppig.de>
Date: Tue Mar 14 2006 - 13:28:35 CET



Volker Birk wrote:


> Sebastian Gottschalk <seppi@seppig.de> wrote:


>> Volker Birk wrote:


>>> Somebody. <somebody.@nospam.russdoucet.com> wrote:


>>>> Oh wait, I forgot, tunnels are impossible to detect.  Never mind.


>>> You have a problem with logic. No-one said, that it is impossible to


>>> detect a tunnel.


>> But I'm saying so.


> 


> Then you're wrong.


> 


>> Using public key cryptography one can create a tunnel


>> that provably can't be differed from a normal session ID transfer.


> 


> And knowing how it is done means being able to detect.



Assuming the session ID transfer is a fully normal and trusted activtiy


(f.e. logging in at nytimes.com and reading some articles)and the


session ID is a pseudorandom value, you can create a covert channel with


bandwidth efficiency 1/n that is as hard to detect as it is to break


either a chosen n-bit symmetric cipher or RSA of any length.


Received on Mon May  1 00:57:31 2006