Attention to covert channels has largely increased due to the documents published by E. Snowden, which described the software and hardware embedding that implement undeclared features of covert information transfer in the Huawei and Juniper network equipment, Apple mobile phones and computers with the Windows XP operating system. A covert channel can be built using any information technology, but often attackers build covert channels in IP networks, since they are widespread, have a high information transfer rate, and ubiquitous information security measures, such as traffic encryption, do not affect the possibility of covert transmission of information via some types of such channels. The limitation of their bandwidth is a promising direction for countering information leakage via network covert channels. This study considers network timing covert channels, provides a method for assessing their capacity, proposes and investigates a way to counter information leakage via such covert channels by introducing noise having added delays before sending packets. The values of the delays are distributed in two different ways: uniformly and according to distribution with a decreasing probability density function. As an experiment, the temporal characteristics of IP traffic from a host in the internal network to a public service were obtained, which were used to verify the obtained methods for assessing the covert channel capacity. A distinctive feature of the calculations is an illustration of the possibility to minimize the load on the communication channel in the context of introducing a countermeasure method, as well as taking into consideration the fact that the intruder's ability to observe the current conditions in the network allows him to adjust the parameters of information transfer to the load in the communication channel, thereby maintaining the maximum possible covert channel bandwidth.