

Guide to Encrypted Dynamic Covert Channels - turboborland
http://turboborland.blogspot.com/2008/12/guide-to-encrypted-dynamic-covert.html

======
jws
I think it would be more clever to use an actual valid TCP connection and hide
the data in the fragment sizes, timing, push flags, and other various legal
flags and options available. This doesn't let you mask your source, but it
allows two way communication.

------
turboborland
With that kind of covert channel an active warden system would easily find you
modifying traffic or distributing strange packets into the network. Don't
forget that a lot of new stateful security has great heuristics abilities.

