Re: TCP/IP Stego (was CU-SeeMe)
In a message dated 96-03-08 03:39:00 EST, you write:
> -It can be applied by two routers which are in the middle
> of the connection. The two endpoints of the TCP/IP
> connection would not even notice. For example, if I control
> a router "upstream" of a major connection point and the
> site I wish to communicate with is in a similar position
> then I can run the subliminal channel in a "spread spectrum"
> mode across many connections and the packets can get reset
> to their original settings by the other site. The user
> whose stream we fiddled with does not even know that they
> were used as carrier wave...
You seem to be oblivious to the fact that this technique is only useful for
ISPs, corporate networks, etc. that the average home computer user will
never have access to. If I want to send a WAV file of my 2 year old son
saying "Hi, gramma" (or a 24-bit color TIFF of him practicing nose-picking
techniques) to my relatives, that is not overtly suspicious behavior, even if
it has a slight amount of background noise (or graininess). As long as I
don't stego too many bits in the file, and I strip out any overt "I'm crypto"
headers, it will be impossible to prove that stego techniques were used on a
file. Finding random bits where random bits normally live cannot be used to
prove anything.
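
Added example, not part of the original message: a pairs-of-values chi-square check on sample low bits, showing how the embedding rate discussed above affects what a statistical test can see. The sample data, function names, seed and threshold are constructed for illustration.

```python
import random
from collections import Counter

def make_cover(n, rng, scale=4.0):
    """Constructed 8-bit 'audio': Laplacian amplitudes centred on 128."""
    out = []
    for _ in range(n):
        amp = round(rng.expovariate(1.0 / scale)) * rng.choice((-1, 1))
        out.append(max(0, min(255, 128 + amp)))
    return out

def embed_lsb(samples, rate, rng):
    """Overwrite the low bit of a `rate` fraction of samples with random bits."""
    return [((s & ~1) | rng.getrandbits(1)) if rng.random() < rate else s
            for s in samples]

def pov_ratio(samples, min_pair=10):
    """Chi-square of each (2k, 2k+1) count pair against an even split,
    divided by the number of pairs tested. LSB replacement evens out the
    two counts in a pair, pulling this ratio towards 1."""
    hist = Counter(samples)
    stat, pairs = 0.0, 0
    for even in range(0, 256, 2):
        n0, n1 = hist[even], hist[even + 1]
        if n0 + n1 >= min_pair:          # skip sparsely populated pairs
            stat += (n0 - n1) ** 2 / (n0 + n1)
            pairs += 1
    return stat / pairs if pairs else float("inf")

def looks_embedded(samples, threshold=3.0):
    """Assumed decision rule: flag when the pair counts are near-equal."""
    return pov_ratio(samples) < threshold

def demo(seed=1996):
    """Return the constructed cover at embedding rates 0, 5% and 100%."""
    rng = random.Random(seed)
    cover = make_cover(50000, rng)
    return {rate: embed_lsb(cover, rate, rng) for rate in (0.0, 0.05, 1.0)}

if __name__ == "__main__":
    for rate, data in demo().items():
        print(f"rate={rate:<4} ratio={pov_ratio(data):6.2f} "
              f"flagged={looks_embedded(data)}")
```

On the constructed data only the fully embedded copy falls below the threshold; the 5% copy is not flagged by this test.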