Options
Subrosa
Bl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
in Off-Topic
So I was reading irongeeks page today and came across this:
Joff Thyer - Covert Channels using IP Packet Headers Derbycon 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)
My packetFu isn't that great (yet) but this seems like it would could be major issue. DPI should do the trick (assuming you have something in place that can do that, right?)
Joff Thyer - Covert Channels using IP Packet Headers Derbycon 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)
My packetFu isn't that great (yet) but this seems like it would could be major issue. DPI should do the trick (assuming you have something in place that can do that, right?)
Comments
-
Options
L0gicB0mb508
Member Posts: 538
It could be an issue. It would really depend on how your NIDS was set up and what kind of correlation ability you have.I bring nothing useful to the table... -
OptionsBl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
Most NIDS/HIDS devices should be able to spot non rfc compliant traffic, especially if it were coming to and from a box.