From: Shoten (shotenSTARPOWER.NET)
Date: Wed Apr 18 2001 - 12:01:44 CDT

    As much as I dislike the notion of putting it to use, SilentRunner by
    Raytheon has the capacity, I believe, to detect this. It looks for related
    patterns of traffic, and groups those patterns together. ICMP or other such
    packets that differ from the norm would stand out and be grouped as such,
    making them easier to analyze.

    ----- Original Message -----
    From: "Yune Sung" <yuneNETIAN.COM>
    To: <FOCUS-IDSSECURITYFOCUS.COM>
    Sent: Wednesday, April 18, 2001 4:49 AM
    Subject: Covert Channel Detect

    > I'm just a neophyte at IDS.
    > Please let this be discarded away if this is banal.
    >
    > I doubt if there is an IDS to detect to an extent a
    > covert channel communication?
    >
    > I know snort has only a way to identify covert
    > channels by using icmp_id and icmp_seq. But this is
    > ridiculous because I guess there will be a variety of
    > methods to implement covert channels using tcp and
    > udp or something along with their ID number, Seq
    > Number and so on.
    >
    > Thanks in advance....
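
A simplified illustration of the grouping idea discussed in this thread, added here as an example: it is not SilentRunner's method, Snort code, or anything posted by the participants. It groups ICMP echo packets that deviate from a known-good baseline and flags echo ids whose sequence numbers do not step the way a ping client's do; the function names, the baseline approach and the sample packets are constructed assumptions.

```python
import struct
from collections import defaultdict

def parse_icmp(raw):
    """Split an ICMP echo message into header fields and payload (RFC 792)."""
    if len(raw) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _cksum, ident, seq = struct.unpack("!BBHHH", raw[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": raw[8:]}

def profile(pkt):
    """Features used for grouping: type, code, payload length, payload tail."""
    return (pkt["type"], pkt["code"], len(pkt["payload"]), pkt["payload"][-16:])

def group_deviations(baseline, observed):
    """Group observed packets by profile; return groups absent from the baseline."""
    known = {profile(parse_icmp(r)) for r in baseline}
    groups = defaultdict(list)
    for raw in observed:
        pkt = parse_icmp(raw)
        if profile(pkt) not in known:
            groups[profile(pkt)[:3]].append(pkt)  # group on type/code/length
    return dict(groups)

def irregular_seq(pkts):
    """Echo ids whose sequence numbers do not step by 1, as a ping client's do."""
    by_id = defaultdict(list)
    for p in pkts:
        by_id[p["id"]].append(p["seq"])
    return sorted(i for i, s in by_id.items()
                  if any(((b - a) & 0xFFFF) != 1 for a, b in zip(s, s[1:])))

def echo(ident, seq, payload):
    """Build a constructed echo request (checksum left 0; it is not validated)."""
    return struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload

# Constructed sample traffic, not a real capture.
PING = b"abcdefghijklmnopqrstuvwabcdefghi"  # fixed-pattern 32-byte payload
BASELINE = [echo(0x0200, n, PING) for n in range(1, 6)]
OBSERVED = BASELINE + [echo(0x1A2B, s, d) for s, d in
                       [(7, b"chunk-one-of-data"), (300, b"chunk-two-of-data"), (12, b"chunk-3")]]

if __name__ == "__main__":
    print({k: len(v) for k, v in group_deviations(BASELINE, OBSERVED).items()})
    print([hex(i) for i in irregular_seq([parse_icmp(r) for r in OBSERVED])])
```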