IETF-SSH archive
Re: Traffic Analysis
On Mon, Jan 17, 2005 at 12:14:40AM +0000, Ben Harris wrote:
> In article <Pine.HPX.4.58.0501161506080.12089%edison.cisco.com@localhost> you write:
> >9.2.9 Traffic Analysis
> >
> > Passive monitoring of any protocol may give an attacker some
> > information about the session, the user, or protocol specific
> > information that they would otherwise not be able to garner. For
> > example, it has been shown that traffic analysis of an SSH session
> > can yield information about the length of the password. [Openwall]
> > Implementors should use the SSH_MSG_IGNORE packet as described in
> > [SSH-TRANS] along with any other methods they may find to prevent
> > traffic analysis.
>
> It might also be worth mentioning that the "random padding" field can be
> used to obscure the length of packets. I'd suggest, after "SSH_MSG_IGNORE
> packet" adding ", and variable-length random padding,", though that wording
> could doubtless be improved.
Please don't add this; random padding is wrong and
does not really help, as it can be filtered out.
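
Added example, not part of the original messages: a Python sketch of the binary packet framing from [SSH-TRANS] (published as RFC 4253), showing where the "random padding" field and SSH_MSG_IGNORE sit and how each changes the length visible on the wire. Encryption and MAC are omitted; the function names, the 16-byte block size and the sample payload sizes are assumptions made for illustration.

```python
import os
import secrets
import struct

SSH_MSG_IGNORE = 2  # message number assigned in RFC 4253

def frame(payload: bytes, block: int = 16, extra_blocks: int = 0) -> bytes:
    """Cleartext SSH binary packet: packet_length | padding_length | payload | padding.

    Encryption and MAC are omitted. `block` (cipher block size) and
    `extra_blocks` (added padding, in whole blocks) are illustrative parameters.
    """
    block = max(8, block)
    pad = block - (5 + len(payload)) % block   # align the 4+1+payload+pad total
    if pad < 4:                                # at least 4 bytes of padding
        pad += block
    pad += extra_blocks * block                # variable-length random padding
    if pad > 255:                              # padding_length is a single byte
        raise ValueError("padding too long")
    body = bytes([pad]) + payload + os.urandom(pad)
    return struct.pack(">I", len(body)) + body

def ignore_packet(data_len: int, block: int = 16) -> bytes:
    """SSH_MSG_IGNORE carrying data_len bytes that the receiver discards."""
    data = os.urandom(data_len)
    return frame(bytes([SSH_MSG_IGNORE]) + struct.pack(">I", data_len) + data, block)

def randomly_padded(payload: bytes, block: int = 16, max_extra: int = 8) -> bytes:
    """Same payload, with 0..max_extra extra blocks of padding chosen at random."""
    return frame(payload, block, secrets.randbelow(max_extra + 1))

def wire_lengths(payload_sizes, make=frame):
    """Map each payload size to the on-wire length an observer would see."""
    return {n: len(make(b"A" * n)) for n in payload_sizes}

if __name__ == "__main__":
    sizes = [1, 7, 8, 12, 28]                  # constructed sample payload sizes
    print("minimum padding:", wire_lengths(sizes))
    print("random padding :", wire_lengths(sizes, randomly_padded))
    print("SSH_MSG_IGNORE :", len(ignore_packet(10)), "bytes added to the stream")
```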