huawei
Targeted how without an active C&C system?
On Jun 13, 2013 10:01 PM, "Jimmy Hess" <mysidia at gmail.com> wrote:
> On 6/13/13, Patrick W. Gilmore <patrick at ianai.net> wrote:
> > It should be trivial to prove to yourself the box is, or is not, doing
> > something evil if you actually try.
>
> What if it's not doing anything evil 99% of the time... after all
> 90%+ of traffic may be of no interest to a potential adversary, but
> there is a backdoor mechanism that allows "targeted evilness" to be
> enabled?
>
> Sniffing on a targeted IP address can be disguised as "legitimate"
> return traffic, to a connection actually initiated from the "backdoor
> data interaction point" to some other web server, creating a ruse..
>
> A low-bandwidth fabricated return flow on top of the legitimate
> return flow once every few months, or every few days is extremely
> likely to go unnoticed, on any network that has a significantly
> large amount of normal production traffic.
>
>
> > --
> > TTFN,
> > patrick
> --
> -JH
>
>