lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 17 Dec 2012 18:24:36 +0700
From: kai@...nn.net
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: DPI evasion

Hi,

> An internet connection and bitTorrent client is enogth to share 
> mp3's...

surely mp3s are just an example, i wanted to discuss DPI evasion in 
general.

> Commercial VPN's (at least in the uk) need to keep login and out 
> times for accounts, this can be used to confirm you where on-line at 
> the same time as mp3 where being shared from that VPN

in Russia all ISPs have to use SORM 
(http://en.wikipedia.org/wiki/SORM#SORM-2) which (as far as i know) 
marks every passing packet with special fingerprint, to have the full 
evidence who and when has downloaded that illegal mp3 (or who blames the 
government on twitter).
so how do you think, assuming that there are no backdoors (and possible 
MITM attacks) in SSL and SSH2 protocols, will ISPs be able to read 
users' emails and intercept other sensitive data (mp3s :-) ) which was 
sent over SSL+SSH? or should we use some other technics/protocols?

> P.S. you may be interested in i2p which has a bitTorrent like client.

thanks for your suggestion, i know i2p (and a lot of info about 
darknets and deepweb), but it doesn't suit my needs.


Cheers,

Kai

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists