
Ask HN: Intel ME countermeasure idea - gradschool
Quick question about an Intel ME countermeasure that just occurred to me:

Modify the Linux network stack to add an identifiable tag to every outgoing packet, pass all traffic through a firewall running on a pre-2006 laptop that drops packets without the tag, and change the tag more frequently than the ME can adapt.

Can any knowledgeable network programmers comment on the feasibility before I get too carried away with the idea?
======
yoo1I
This sounds like you might need to define your threat model in a little more
detail. I don't think the threat is such that you might _catch_ ME sending out
data while you're looking for it in this way.

But let's say I was your attacker, I would simply encode some data in the
_timing_ between each individual packet that I am sending out on behalf of
the kernel: imagine a sort of morse code where there are long pauses between
packets for dashes and short pauses between dots.

So now all I have to do is convince your ISP to let me look at your packages'
timing.
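
The timing channel described in the comment above leaves every packet's contents, tag included, untouched, so a tag-checking firewall has nothing to drop; what a monitoring box can still inspect is the distribution of inter-packet gaps. The following is an added example, not part of the original thread: it scores a list of packet timestamps for a two-level (short/long) gap pattern. The sample streams, the function names and the thresholds are constructed assumptions.

```python
import random
import statistics

def two_level_score(timestamps, iters=20):
    """1-D 2-means over inter-packet gaps.
    Returns (separation, short_mean, long_mean, minority_fraction)."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 10:                      # too few packets to judge
        return 0.0, 0.0, 0.0, 0.0
    lo, hi = min(gaps), max(gaps)
    for _ in range(iters):
        mid = (lo + hi) / 2
        short = [g for g in gaps if g <= mid]
        long_ = [g for g in gaps if g > mid]
        if not short or not long_:          # every gap identical
            return 0.0, lo, hi, 0.0
        lo, hi = statistics.fmean(short), statistics.fmean(long_)
    # Pooled within-cluster spread: how tight each gap level is.
    spread = statistics.pstdev([g - lo for g in short] + [g - hi for g in long_])
    sep = (hi - lo) / spread if spread else float("inf")
    return sep, lo, hi, min(len(short), len(long_)) / len(gaps)

def looks_modulated(timestamps, min_sep=8.0, min_minority=0.1):
    """Flag a stream whose gaps sit at two well-separated levels.
    Thresholds are illustrative assumptions, not tuned on real traffic."""
    sep, _, _, minority = two_level_score(timestamps)
    return sep >= min_sep and minority >= min_minority

def make_stream(gap_choices, n=200, jitter=0.005, seed=1):
    """Constructed sample data: timestamps with the given nominal gaps."""
    rng = random.Random(seed)
    t, out = 0.0, [0.0]
    for _ in range(n):
        t += rng.choice(gap_choices) + rng.uniform(-jitter, jitter)
        out.append(t)
    return out

STEADY = make_stream([0.05])            # one nominal gap plus jitter
TWO_LEVEL = make_stream([0.05, 0.15])   # short and long pauses

if __name__ == "__main__":
    for name, stream in (("steady", STEADY), ("two-level", TWO_LEVEL)):
        sep, lo, hi, frac = two_level_score(stream)
        print(f"{name}: sep={sep:.1f} short={lo:.3f}s long={hi:.3f}s "
              f"minority={frac:.2f} flagged={looks_modulated(stream)}")
```

A heuristic like this only catches a crude two-level pattern; gap differences small enough to sit inside normal network jitter will not separate into two clusters.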

