Firewalls: Re: Raptor / Seal / Sidwinder , plus E-mail

Firewalls
(July 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Raptor / Seal / Sidwinder , plus E-mail
From:	mike @ fionn . lbl . gov (Michael Helm)
Date:	Sun, 23 Jul 1995 09:22:37 PDT
To:	paul @ hawksbill . sprintmrn . com (Paul Ferguson), edbjr @ mcs . com
Cc:	Firewalls @ GreatCircle . COM
In-reply-to:	paul @ hawksbill . sprintmrn . com (Paul Ferguson) "Re: Raptor / Seal / Sidwinder , plus E-mail" (Jul 23, 7:29am)
Reply-to:	mike @ fionn . lbl . gov

On Jul 23,  7:29am, Paul Ferguson wrote:
> > companies who provide E-mail scanning detect "binaries" 
> > particularly when they are encrypted into what would appear to 
> No. There are simply too may formats to attach/send binaries via
> e-mail to be practical.

Maybe you can make the same conclusion using traffic analysis
rather than searching for specific formats.  ("statistics" rather
than "syntax").  Binaries would tend to be larger than typical
email messages, such messages would tend not to resolve to words
in a dictionary, would possibly be transmitted in blocks of
messages, blocks would tend to be broadcast consecutively & closely
in time, blocks would tend to be identical in size, blocks between
the same message partners, &c.

Follow-Ups:

Filtering Email of Binaries (was Raptor / Seal ... )
From: mdr @ vodka . sse . att . com

Indexed By Date	Previous:	Source code From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Indexed By Date	Next:	Re: taking security direction from vendors -- RealAudio's advice From: "Bryan D. Boyle" <bdboyle @ maverick . erenj . com>
Indexed By Thread	Previous:	Re: Raptor / Seal / Sidwinder , plus E-mail From: paul @ hawksbill . sprintmrn . com (Paul Ferguson)
Indexed By Thread	Next:	Filtering Email of Binaries (was Raptor / Seal ... ) From: mdr @ vodka . sse . att . com