|
|
|
|
|
|
by DoctorOetker
2102 days ago
|
|
|
> [...] a specially malformed packet [...] as far as I understand error correcting codes can and are used at different levels of communication protocols (hardware each link, hardware at endpoints, software at end points, ...) I often wonder if recoverable errors at the endpoints are ever used to exfiltrate data? the higher levels of the stack would see the corrected overt message, while underlying levels (hardware or software) that perform the error correction has access to the covert information encoded in the error. This may be testable by FPGA and sorting connections by protocol, origin, destination, ... to identify connections with suspiciously high amount of ECC recoverable errors as compared to the rest. This may be very hard to test if MitM'ed (by ISP, network card manufacturer, ...) such that benign packets get recoverable errors introduced as well (to hide the malicious ones in the noise), which would increase the complexity since now the malicious hardware or software at the endpoints needs to discriminate artificial errors from covert messages over the error channel. There would be many ways of going about this. |
|
|