Packet Defragmentation, Cryptographic Hash Insertion, and subsequent reassembly before passage to datalink
From: Ali Saifullah Khan (whipaz@gem.net.pk)Date: 10/25/02
- Previous message: Clint Byrum: "Re: Detecting trojans on random ports with encrypted traffic..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Ali Saifullah Khan" <whipaz@gem.net.pk> To: <focus-linux@securityfocus.com>, <focus-ids@securityfocus.com> Date: Fri, 25 Oct 2002 20:50:28 +0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In a post a few days back, i had asked for opinions on the
possibility of reading packets at the TCP Layer.
I received a good response, which allowed further progression of my
research into the topic.
Another question has propped up for which i require the views of
subscribers on this list.
Can a packet be stripped of its TCP header at the TCP Layer, and
processed further before it is allowed to move on to the datalink
layer ? If so, is it possible to insert a cryptographic hash into the
processed packet which will aid the IDS in keeping a track of the
packet's traversal of the network ? Is this theory practical, and if
so, what are the clauses and technical details we have to consider
before we proceed into its implementation ?
Thankyou.
Ali Saifullah Khan,
Asstt. Project Administrator,
GemSEC Information Security Division,
Gem Internet Services, (Pvt.) Ltd.
Key ID : 0xA3B7379C
Key Fingerprint : 111F D465 3FB0 C02E 4080 8DE6 D887 CA97 A3B7 379C
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBPbloQNiHypejtzecEQIcTgCg4s1ghGl0oDseXqxH2WztTeoxoQIAn2yc
K681epPLmMSH/csgeQZLqk/z
=OIdW
-----END PGP SIGNATURE-----
- Previous message: Clint Byrum: "Re: Detecting trojans on random ports with encrypted traffic..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
