Really? In a completely controlled network then yes, but not in a production system. There is far too much random noise and actual latency for that to be feasible. On Jun 14, 2013 7:35 PM, "Jimmy Hess" <mysidia@gmail.com> wrote:
On 6/14/13, Scott Helms <khelms@zcorum.com> wrote:
backdoors (intentional or not) are in most if not all gear. Having said that, it would still be pretty obvious in mass and over time to have packets going to a predesignated host. Its not really possible for a box to know whether its in a "real" network or a lab with Spirent or other traffic generator hooked to it.
It wouldn't have to send packets to a predefined host.
Conceivably, it could leak bits of information by modulating the timing of packets forwarded by it, the spacing in times of packets from simple legitimate HTTP, DNS, or ICMP response, from behind the router, for protocols involving multiple RTTs, could be used to encode bits of information to be transmitted covertly.
; furthermore, the signalling to start communicating over the "timing based" hidden channel, could be established in various ways that would thoroughly disguise the malicious nature of the attacker's signalling.
-- -JH