Targeted how without an active C&C system?

On Jun 13, 2013 10:01 PM, "Jimmy Hess" <mysi...@gmail.com> wrote:
> On 6/13/13, Patrick W. Gilmore <patr...@ianai.net> wrote:
> > It should be trivial to prove to yourself the box is, or is not, doing
> > something evil if you actually try.
>
> What if it's not doing anything evil 99% of the time... after all
> 90%+ of traffic may be of no interest to a potential adversary, but
> there is a backdoor mechanism that allows "targeted evilness" to be
> enabled?
>
> Sniffing on a targeted IP address can be disguised as "legitimate"
> return traffic, to a connection actually initiated from the "backdoor
> data interaction point" to some other web server, creating a ruse..
>
> A low-bandwidth fabricated return flow on top of the legitimate
> return flow once every few months, or every few days is extremely
> likely to go unnoticed, on any network that has a significantly
> large amount of normal production traffic.
>
> > --
> > TTFN,
> > patrick
>
> --
> -JH