On Fri, 2004-10-22 at 11:04, Suresh Krishnan wrote:
> Can you give me more details or a pointer to such an attack? I will add
> add some text and a reference to it.
There's a wealth of information about traffic analysis capabilities in
many books about WW-II-era codebreaking.
As a more modern example:
By observing the timing and size of a sequence of packets in and out of
a system acting as a traditional SMTP mail relay, one can most likely
identify probable SMTP flows (3-way handshake of tinygrams, SMTP banner,
HELO, MAIL FROM, one or more RCPT TO, DATA+message, QUIT, tcp
termination tinygrams).
This gives you message size, recipient count, and length of each email
address in the envelope.
You can now correlate messages in with messages out (message out will be
larger by the typical size of a received: header), and may let you
identify messages and possible replies in 1:1 email conversations by
matching the sender and recipient address lengths...
With sufficient data you could also probably also pick out behavioral
quirks such as which correspondents habitually fail to trim quoted
material in replied-to messages.
You may also want to reference the new traffic-flow-security extensions
(extended padding, dummy traffic discards) in the current drafts of
IPsec ESP.
- Bill
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
