huawei
On 06/13/2013 05:28 PM, Scott Helms wrote:
> Bill,
>
> Certainly everything you said is correct and at the same time is not useful
> for the kinds of traffic interception that's been implied. 20 packets of
> random traffic capture is extraordinarily unlikely to contain anything of
> interest and even if you do happen to get a juicy fragment your chances of
> getting more are virtually nil. An effective system must either capture
> and transmit large numbers of packets or have a command and control system
> in order to target smaller captures against a shifting list of addresses.
> Either of those things are very detectable. I've spent a significant
> amount of time looking at botnet traffic which has the same kind of
> requirements.
>
I think you're having a failure of imagination that anything less than
a massive amount of information sent back to the attacker could be
useful. I think there are lots and lots of things that could be extremely
useful that would only require a simple message with "got here" back to the
attacker if the "got here" condition was sufficiently interesting. Spying doesn't
have the same motivations as typical botnets for illicit commerce.
Mike