I can't agree Jimmy, I don't see a few bps being anywhere close to being useful in any of the scenarios your describe especially because there are easier ways of doing those things. To do any of that the first thing you have to do is establish the C&C channel so now you have a very low bit rate bi-directional communication so by the time the C&C asks the router to start stealing a key the IP of one of the IPSEC tunnel has changed. If the router intercepts traffic for a given IP or block what is going to do with it? It has very little non-volatile storage and we have such a low bit rate of communication that it can't just send a copy. A core router seldom has so many spare CPU cycles & free RAM that it can afford to read through the data and glean the interesting bits. Scott Helms Vice President of Technology ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms -------------------------------- On Sat, Jun 15, 2013 at 2:56 AM, Jimmy Hess <mysidia@gmail.com> wrote:
Is it possible? Yes, but it's not feasible because the data rate would be too low. That's what I'm trying to get across. There are lots things
On 6/14/13, Scott Helms <khelms@zcorum.com> wrote: that
can be done but many of those are not useful. [snip]
I agree that the data rate will be low. I don't agree that it's not feasible.
There will be indeed be _plenty_ of ways that a low bit rate channel can do everything the right adversary needs.
A few bits for second is plenty of data rate for sending control commands/rule changes to a router backdoor mechanism, stealing passwords, or leaking cryptographic keys required to decrypt the VPN data stream intercepted from elsewhere on the network, leaking counters, snmp communities, or interface descriptions, or criteria-selected forwarded data samples, etc....
-- -JH