it looks like this is called QFIRE / MIDDLEMAN (CovNet?) http://cryptome.org/2013/12/nsa-qfire.pdf
of particular note you'll see that this unclassified (high risk side) TAO Covert Network is accessed within an NSA SCIF via a "highly constrained" *cough* VMWare ESX server instance (ala NetTop for back-end) which is then colocated at bare metal and/or directly guest bridged to the SCSnet / NSAnet / *secret networks.

. . . .

one day i'll have more to say about this! (i encourage the leakers to beat me to it ;)

--end-top-post--

On Tue, Nov 26, 2013 at 9:03 PM, coderman <[email protected]> wrote:
> in the discussion regarding well positioned injection points on the
> backbone (QUANTUMINSERT) i have not yet seen discussion of using these
> well positioned injection points for covert network connections.
>
> consider that you are eavesdropping on return path for a given
> un-used, high address space of a third party (a lot of that 15.0.0.0/8
> is idle :)
>
> consider that you can inject arbitrary packets into the egress for
> same net block (even if upstream, still sufficient to match route).
>
> you can now establish a covert TCP connection appearing to come from
> the high space of 15.0.0.0/8, of which HP only sees the returning
> (encrypted) martians. (and this assumes they're even watching!)
>
> this "wide stack" approach provides cover via multitudes of idle
> address spaces of third parties, while the actual communicators are
> hidden.
>
>
>
> anxiously awaiting the details on how this is used...
>
> *sacrifices chickens to the "Snowden Release Gatekeepers" (TM)*
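
From the address owner's side, the "returning martians" in the quoted message are the observable: replies arriving for addresses that never sent anything. The sketch below is an added example, not part of the original thread; it separates ordinary backscatter from inbound flows that carry contiguous sequenced data into idle space. The idle prefix, the record layout and the sample packets are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: a prefix the owner knows to be idle (placeholder, not from the thread).
DARK_PREFIXES = [ipaddress.ip_network("15.192.0.0/10")]

# Constructed inbound packet records as seen at the owner's border:
# (src_ip, src_port, dst_ip, dst_port, tcp_flags, seq, payload_len)
SAMPLE = [
    # Backscatter from someone else's spoofed flood: bare SYN-ACK / RST, no payload.
    ("198.51.100.7", 80, "15.200.1.9", 40112, "SA", 1000, 0),
    ("198.51.100.7", 80, "15.200.1.10", 40113, "SA", 2000, 0),
    ("203.0.113.5", 443, "15.201.3.3", 51000, "R", 500, 0),
    # Handshake reply followed by in-order data: looks like an established session.
    ("192.0.2.44", 443, "15.250.8.1", 49152, "SA", 7000, 0),
    ("192.0.2.44", 443, "15.250.8.1", 49152, "PA", 7001, 1200),
    ("192.0.2.44", 443, "15.250.8.1", 49152, "PA", 8201, 1400),
    ("192.0.2.44", 443, "15.250.8.1", 49152, "A", 9601, 0),
    # Traffic to a live host outside the idle range is ignored.
    ("192.0.2.44", 443, "15.1.2.3", 50000, "PA", 1, 900),
]

def is_dark(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DARK_PREFIXES)

def established_flows_to_dark_space(packets, min_data_segments=2):
    """Return 4-tuples whose inbound data segments to idle space are in sequence."""
    flows = defaultdict(list)
    for src, sport, dst, dport, _flags, seq, plen in packets:
        if is_dark(dst):
            flows[(src, sport, dst, dport)].append((seq, plen))
    hits = []
    for key, segs in flows.items():
        data = sorted((s, l) for s, l in segs if l > 0)
        # Count segments that start exactly where the previous one ended
        # (32-bit sequence wraparound is ignored in this sketch).
        contiguous = sum(1 for (s1, l1), (s2, _) in zip(data, data[1:])
                         if s1 + l1 == s2)
        if len(data) >= min_data_segments and contiguous >= min_data_segments - 1:
            hits.append(key)
    return sorted(hits)

if __name__ == "__main__":
    print(established_flows_to_dark_space(SAMPLE))
```

Payload is expected to be opaque, so the signal here is session state (ordered data toward an address with no host behind it), not content.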
