This is all really good advice. I think it should be published as an RFC.
On Tue, Mar 7, 2017 at 10:53 AM, Stephane Bortzmeyer <bortzmeyer@xxxxxx> wrote:
In the Vault7 leak (malware library of the CIA
<https://wikileaks.org/ciav7p1/>), there is a page giving advice to
malware authors: how to avoid leaving traces
<https://wikileaks.org/ciav7p1/cms/page_14587109.html>. Among very
good advice, it talks of the IETF:
DO use ITEF [sic] RFC compliant network protocols as a blending
layer. The actual data, which must be encrypted in transit across the
network, should be tunneled through a well known and standardized
protocol (e.g. HTTPS)
Custom protocols can stand-out to network analysts and IDS filters.