Really? In a completely controlled network then yes, but not in a production system. There is far too much random noise and actual latency for that to be feasible.

On Jun 14, 2013 7:35 PM, "Jimmy Hess" <mysi...@gmail.com> wrote:
> On 6/14/13, Scott Helms <khe...@zcorum.com> wrote:
>
> > backdoors (intentional or not) are in most if not all gear. Having said
> > that, it would still be pretty obvious in mass and over time to have
> > packets going to a predesignated host. It's not really possible for a box
> > to know whether it's in a "real" network or a lab with Spirent or other
> > traffic generator hooked to it.
>
> It wouldn't have to send packets to a predefined host.
>
> Conceivably, it could leak bits of information by modulating the
> timing of packets forwarded by it, the spacing in times of packets
> from simple legitimate HTTP, DNS, or ICMP response, from behind the
> router, for protocols involving multiple RTTs, could be used to
> encode bits of information to be transmitted covertly.
>
> ; furthermore, the signalling to start communicating over the
> "timing based" hidden channel, could be established in various
> ways that would thoroughly disguise the malicious nature of the
> attacker's signalling.
>
> --
> -JH
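
A monitoring-side sketch of the disagreement in this thread, added here as an example and not taken from either poster: a flow whose inter-packet gaps sit at two distinct levels scores high on a simple bimodality check, while ordinary spread-out gaps, or the same two levels under heavy jitter, do not. The function names, the 4.0 threshold and all sample gaps are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

THRESHOLD = 4.0   # assumed cut-off; tune against baseline traffic
MIN_SHARE = 0.2   # each mode must hold at least 20% of the gaps

def split_two_modes(gaps, rounds=20):
    """1-D two-means: split gaps into a low and a high cluster."""
    lo, hi = min(gaps), max(gaps)
    low, high = list(gaps), []
    for _ in range(rounds):
        mid = (lo + hi) / 2
        low = [g for g in gaps if g <= mid]
        high = [g for g in gaps if g > mid]
        if not high:          # every gap identical: nothing to split
            break
        lo, hi = mean(low), mean(high)
    return low, high

def bimodality_score(gaps):
    """Distance between the two modes in units of within-mode spread."""
    if len(gaps) < 10:
        return 0.0
    low, high = split_two_modes(gaps)
    if min(len(low), len(high)) < MIN_SHARE * len(gaps):
        return 0.0            # one mode is only a few outliers
    spread = max(pstdev(low), pstdev(high), 1e-9)
    return (mean(high) - mean(low)) / spread

def looks_modulated(gaps):
    return bimodality_score(gaps) > THRESHOLD

# Constructed inter-packet gaps in milliseconds (not captured traffic).
JITTER = [-1.0, 0.0, 1.0, 0.5, -0.5]
LEVELS = [0, 1, 1, 0, 1, 0, 0, 1]
# Two tight levels around 10 ms and 30 ms.
two_level = [10 + 20 * LEVELS[i % 8] + JITTER[i % 5] for i in range(40)]
# Gaps spread evenly between 5 ms and 44 ms, no preferred level.
ordinary = [5 + (i * 7) % 40 for i in range(40)]
# Same two levels, jitter 8x larger: the modes blur and the score drops.
noisy = [10 + 20 * LEVELS[i % 8] + 8 * JITTER[i % 5] for i in range(40)]

if __name__ == "__main__":
    for name, gaps in (("two_level", two_level), ("ordinary", ordinary),
                       ("noisy", noisy)):
        print(f"{name:10s} score={bimodality_score(gaps):6.2f} "
              f"flagged={looks_modulated(gaps)}")
```

The score is a heuristic for one flow at a time; a real deployment would compare it against the baseline for the same protocol and path before alerting.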