Re: Anti-spyware at the Gateway

---

• From: Sebastian Gottschalk <seppi@xxxxxxxxx>
• Date: Tue, 14 Mar 2006 14:12:41 +0100

---

Volker Birk wrote:

Sebastian Gottschalk <seppi@xxxxxxxxx> wrote:

Using public key cryptography one can create a tunnel
that provably can't be differed from a normal session ID transfer.

And knowing how it is done means being able to detect.

Assuming the session ID transfer is a fully normal and trusted activtiy
(f.e. logging in at nytimes.com and reading some articles)and the
session ID is a pseudorandom value, you can create a covert channel with
bandwidth efficiency 1/n that is as hard to detect as it is to break
either a chosen n-bit symmetric cipher or RSA of any length.

Assuming you know all this and all the keys, you can detect.

You don't know the keys. And then the knowledge about the rest provably
won't help you at all.
.

---

• References:
  • Re: Anti-spyware at the Gateway
    • From: Volker Birk
  • Re: Anti-spyware at the Gateway
    • From: Somebody.
  • Re: Anti-spyware at the Gateway
    • From: Volker Birk
  • Re: Anti-spyware at the Gateway
    • From: Somebody.
  • Re: Anti-spyware at the Gateway
    • From: Volker Birk
  • Re: Anti-spyware at the Gateway
    • From: Somebody.
  • Re: Anti-spyware at the Gateway
    • From: Sebastian Gottschalk
  • Re: Anti-spyware at the Gateway
    • From: Somebody.
  • Re: Anti-spyware at the Gateway
    • From: Sebastian Gottschalk
  • Re: Anti-spyware at the Gateway
    • From: Volker Birk
  • Re: Anti-spyware at the Gateway
    • From: Sebastian Gottschalk
  • Re: Anti-spyware at the Gateway
    • From: Somebody.
  • Re: Anti-spyware at the Gateway
    • From: Sebastian Gottschalk
  • Re: Anti-spyware at the Gateway
    • From: Somebody.
  • Re: Anti-spyware at the Gateway
    • From: Sebastian Gottschalk
  • Re: Anti-spyware at the Gateway
    • From: Somebody.
  • Re: Anti-spyware at the Gateway
    • From: Volker Birk
  • Re: Anti-spyware at the Gateway
    • From: Sebastian Gottschalk
  • Re: Anti-spyware at the Gateway
    • From: Volker Birk
  • Re: Anti-spyware at the Gateway
    • From: Sebastian Gottschalk
  • Re: Anti-spyware at the Gateway
    • From: Volker Birk

• Prev by Date: Re: Kids bypassing firewall via web proxy sites
• Next by Date: Re: Kids bypassing firewall via web proxy sites
• Previous by thread: Re: Anti-spyware at the Gateway
• Next by thread: Re: Anti-spyware at the Gateway
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Anti-spyware at the Gateway ... Sebastian Gottschalk wrote: ... that provably can't be differed from a normal session ID transfer. ... And knowing how it is done means being able to detect. ... Assuming the session ID transfer is a fully normal and trusted activtiy ... (comp.security.firewalls) Re: Anti-spyware at the Gateway ... But I'm saying so. ... that provably can't be differed from a normal session ID transfer. ... And knowing how it is done means being able to detect. ... Assuming the session ID transfer is a fully normal and trusted activtiy ... (comp.security.firewalls) [opensuse] Trouble copying (burn) multisession CD ! ... I have tried to burn multi session CD, that has 2 sessions: one normal session ... Clone mode, because Clone mode never worked for me) ... Under Windows, Nero can emulate this ... (SuSE) Curses problem with keymapping in screen and debugging curses ... FreeBSD and Linux: ... All other keys, including alt/meta and some supposedly more ... given session expects. ... (freebsd-questions) Re: In-kernel Authentication Tokens (PAGs) ... userspace can decide that a process should begin a new session. ... Then additional key-ring contexts could be created as ... such keys without creating too much complexity. ... There would be IOCTLs on the key-ring dir handles for getting the ... (Linux-Kernel)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.firewalls  > 2006-03