1996-03-09 - Re: TCP/IP Stego (was CU-SeeMe)

Header Data

From: JonWienke@aol.com
To: mccoy@communities.com
Message Hash: deb7eacc425f2d8e23c986853f46fa231c76d14f5b0335c65055fa5e8fcf22a5
Message ID: <960308043046_240672475@emout06.mail.aol.com>
Reply To: N/A

UTC Datetime: 1996-03-09 11:42:02 UTC
Raw Date: Sat, 9 Mar 1996 19:42:02 +0800

Raw message

From: JonWienke@aol.com
Date: Sat, 9 Mar 1996 19:42:02 +0800
To: mccoy@communities.com
Subject: Re: TCP/IP Stego (was CU-SeeMe)
Message-ID: <960308043046_240672475@emout06.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-03-08 03:39:00 EST, you write:

>     -It can be applied by two routers which are in the middle
>         of the connection.  The two endpoints of the TCP/IP
>         connection would not even notice.  For example, if I control
>         a router "upstream" of a major connection point and the
>         site I wish to communicate with is in a similar position
>         then I can run the subliminal channel in a "spread spectrum"
>         mode across many connections and the packets can get reset
>         to their original settings by the other site. The user
>         whose stream we fiddled with does not even know that they
>         were used as a carrier wave...

You seem to be oblivious to the fact that this technique is only useful for
ISPs, corporate networks, etc., that the average home computer user will
never have access to.  If I want to send a WAV file of my 2-year-old son
saying "Hi, gramma" (or a 24-bit color TIFF of him practicing nose-picking
techniques) to my relatives, that is not overtly suspicious behavior, even if
it has a slight amount of background noise (or graininess).  As long as I
don't stego too many bits in the file, and I strip out any overt "I'm crypto"
headers, it will be impossible to prove that stego techniques were used on a
file.  Finding random bits where random bits normally live cannot be used to
prove anything.




