On Wed, 15 Oct 2014 20:22:56 -0400
Ian Grant wrote:

> Moved to misc.
> 
> Yes, you missed something: the point :-)
> 
> The idea is that the existence of this entire 'ultranet' is
> undetectable by even someone snooping all national traffic. So a TCP
> port 80 connection looks to the snooper _exactly_ like an HTTP
> connection handshake. Only the ISN and the source address mark the
> connection as 'ultra' and take it into a back room where it connects
> to the real network. If the snooper tries to connect to that port
> they get the same HTTP service that all the other muggles see.

I still don't see the benefit though but do see added complexity or
more code to audit.

Reducing DDOS against a visible SSH service maybe? Reduce password
attempts on your logs allowing them to go after targets that might
actually use passwords (port change also works there, I find)?
