Derek Atkins <[EMAIL PROTECTED]> writes: > Hrm, how about a worm with a built-in HTTP server that installs itself > on some non-standard port, say TCP/28462 (to pick one at random)?
Too easy to detect. Encrypt the key in some key known only to the attacker, and start leaking little bits of it in things like tweaks to tcp timings or selections of tcp client port numbers or initial sequence numbers and such. Very hard to detect something like that with network sniffing. -- Perry E. Metzger [EMAIL PROTECTED] -- NetBSD Development, Support & CDs. http://www.wasabisystems.com/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
