What protocols have empty space in the headers whereby I can add my 'message' and send it along with legit traffic? I would think most all..
On Thu, Jun 13, 2013 at 8:16 PM, Scott Helms <khe...@zcorum.com> wrote:

> What protocol is a DPI vector? In what way is making a router even
> remotely efficient as a method of end to end covert communication? There
> are thousands (if not millions) of ways for two hosts to exchange data
> without it being detectable that's much faster and cheaper than involving
> the network infrastructure.
>
> Kill switches and secret back doors are all feasible but the rest of this
> is fantasy.
>
> On Jun 13, 2013 10:05 PM, "Michael Thomas" <m...@mtcc.com> wrote:
>
> > On 06/13/2013 06:57 PM, Scott Helms wrote:
> >
> >> What you're describing is a command and control channel unless you're
> >> suggesting that the router itself had the capacity to somehow discern
> >> that. That's the problem with all the pixie dust theories. The router
> >> can't, it doesn't know who the rebels are much less their net block
> >> ahead of time. Something has to pass rules to the box to be able to
> >> trigger off of.
> >
> > I think you're misunderstanding: the router is watching traffic and gives
> > clues that "we're gassing the rebels" that was added to all of the DPI
> > vectors which get surreptitiously added to the other DPI terms
> > unbeknownst to the owner and sent back to the attacker. That's enormously
> > powerful. All it takes is sufficient money and motivation. Is this
> > speculative? Of course -- I'm not a spook. Is it possible? You bet.
> >
> > Mike

--
Phil Fagan
Denver, CO
970-480-7618