tag:blogger.com,1999:blog-7652481.post114666570574415909..comments2012-02-21T00:57:21.589-05:00David Biancohttp://www.blogger.com/profile/09760835714791462863noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-7652481.post-1146708719921270812006-05-03T22:11:00.000-04:002006-05-03T22:11:00.000-04:00Thanks, though I can't take the credit for the idea of traffic analysis, or even for analysis to detect DNS tunnels. I do think it's the most general solution, though. The trick is finding the right type of analysis. <BR/><BR/>In fact, I've been set straight about an error I made interpreting the DNS protocol, so I'm working on a couple of other possible ideas now, even involving some basic statistical analysis. It's not my area of specialty (yet??) but I hope to have more to report soon.vDavid Biancohttp://www.blogger.com/profile/09760835714791462863noreply@blogger.comtag:blogger.com,1999:blog-7652481.post-1146698898580150112006-05-03T19:28:00.000-04:002006-05-03T19:28:00.000-04:00Fsking brilliant. <BR/><BR/>No matter what they do, they'll stand out by some means or other. I can see this approach applied in all sorts of ways. Nice work!JimmytheGeekhttp://www.blogger.com/profile/07443526997444888294noreply@blogger.com