With the CPU and RAM available in a router that has to actually continue functioning at the same time? Exactly how much data through put would you consider to be usable in this scenario? Again, my point is not that its impossible but that all these things are impractical AND there are easier/faster/cheaper ways of capturing traffic. There are also easier/faster/cheaper ways of disrupting traffic. Routers in the core are great places to execute a targeted man in the middle attack. They're great places to disrupt traffic by behaving erratically, intentionally mangling dynamic routing protocols, or by simply going dark. They're terrible places for gathering non-targeted information because the amount of data flowing through them means that that the likelihood of any give packet having any value is very very low. If the goal includes stealing data then leveraging edge routing is much more realistic and leveraging PCs is several orders of magnitude better because there is much more available horsepower and its much easier to make a PC passively listen for interesting data on its own. Scott Helms Vice President of Technology ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms -------------------------------- On Sat, Jun 15, 2013 at 4:12 AM, Eugen Leitl <eugen@leitl.org> wrote:
On Fri, Jun 14, 2013 at 07:51:22PM -0400, Scott Helms wrote:
Really? In a completely controlled network then yes, but not in a production system. There is far too much random noise and actual latency for that to be feasible.
The coding used for the stegano side channel can be made quite robust, see watermarking.