this post was submitted on 07 Sep 2024
468 points (92.5% liked)
Technology
59555 readers
3874 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I also like the idea of ptunnel
I don’t understand how that can be reliable without being extremely obvious.
Yeah, any off the shelf network intrusion software would probably immediately flag either of those based solely on the amount of traffic.
Well it would be obvious. Any decent network tool would be able to filter traffic on a port or type (ICMP, DNS, etc).
“Wonder why this kid has 2.5Gb of DNS traffic last week? That isn’t normal. Maybe we should go check it out”
The trick to staying hidden is to look like noise. And this would not be noise.
In 2014 when I was in the hospital for a week I got a visit from their IT. Seems like pushing 5 to 10 gig a day through a ssh connection triggered something. Just a gig of ICMP of any variety would trip a alarm.