Ask HN: Intel ME countermeasure idea

1 points by gradschool ↗ HN
Quick question about an Intel ME countermeasure that just occurred to me:

Modify the Linux network stack to add an identifiable tag to every outgoing packet, pass all traffic through a firewall running on a pre-2006 laptop that drops packets without the tag, and change the tag more frequently than the ME can adapt.

Can any knowledgeable network programmers comment on the feasibility before I get too carried away with the idea?

1 comment

[ 4.1 ms ] story [ 11.0 ms ] thread
This sounds like you might need to define your threat model in a little more detail. I don't think the threat such that you might catch ME sending out data while you're looking for it in this way.

But let's say I was your attacker, I would simply encode some data in the timing between each individual packet that I am sending out on behalf of the kernel: imagine a sort of morse code where that are long pauses between packets for dashes and short pauses between dots.

So now all I have to do is convince your ISP to let me look at your packages timing.