another tool to detect *encrypted streams* (which may be overt or covert)
is netics, from fellow monkey.org user marius eriksen:
http://monkey.org/~marius/pages/?page=netics
it employs decent statistical tests to determine the entropy of a channel
which may indicate encryption where you expect it or not.
________
jose nazario, ph.d. [EMAIL PROTECTED]
http://monkey.org/~jose/ http://monkey.org/~jose/secnews.html
http://www.wormblog.com/
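
An added example, not part of the original message and not netics' own code: a minimal version of the kind of entropy check described above, using Shannon entropy plus a chi-square test against a uniform byte distribution. The function names, thresholds and sample payloads are assumptions constructed for illustration.

```python
import base64, hashlib, math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def chi_square_uniform(data: bytes) -> float:
    """Chi-square statistic of byte counts vs. a uniform distribution (255 d.o.f.)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def classify(payload: bytes, min_len=2048, min_entropy=7.5, max_chi2=400.0) -> str:
    """Thresholds are assumed values; tune them against a baseline of your own traffic."""
    if len(payload) < min_len:
        return "too-short"      # small samples bias the entropy estimate low
    if shannon_entropy(payload) >= min_entropy and chi_square_uniform(payload) <= max_chi2:
        return "high-entropy"   # encrypted OR compressed: these tests cannot tell which
    return "structured"

def constructed_keystream(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode (deterministic)."""
    blocks = (hashlib.sha256(b"demo" + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

if __name__ == "__main__":
    # All payloads below are constructed samples, not captured traffic.
    samples = {
        "plaintext http": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n" * 100,
        "base64 of keystream": base64.b64encode(constructed_keystream(4096)),
        "keystream": constructed_keystream(4096),
        "short keystream": constructed_keystream(100),
    }
    for name, data in samples.items():
        print(f"{name:20s} H={shannon_entropy(data):5.3f} "
              f"chi2={chi_square_uniform(data):10.1f} -> {classify(data)}")
```

A "high-entropy" verdict on a port where plaintext is expected is the signal worth alerting on; on a port that normally carries TLS or SSH, the interesting case is the opposite one.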