Edited on Sat Dec-24-05 04:18 PM by Moochy
I'm sure that encrypted data gets an elevated profile. Despite encryption of the data, the routing information tells a lot, and from that much can be inferred about the nature of the encrypted data. I.e., is it a VPN? Is it FTP traffic of a Warez Pirate? Etc.
A friend of mine works at a network security company and designs "intrusion detection and anomaly detection" software suites that are used by high-security computer shops that demand a high degree of awareness of potential attacks. He's spoken with folks at Crypto-con(?) and he spoke with white hats who said that encrypted data is flagged, tagged and watched.
Apparently one can figure out a lot of what is going on between two computers even with the data portion scrambled. Using neural nets and timing the way the packets flow, etc., one can predict what applications are being run with startling accuracy. (Take this with a grain of salt, since I heard it anecdotally, via a friend of a friend, but a reliable and smart friend nonetheless.)
And like you mentioned, if a conversation / interchange of TCP/IP packets scores a certain level, then that could trigger more action by non-computer agents.