Message-ID: <20121218092954.GE16584@gremlin.ru>
Date: Tue, 18 Dec 2012 13:29:54 +0400
From: gremlin@...mlin.ru
To: full-disclosure@...ts.grok.org.uk
Subject: Re: DPI evasion

On 17-Dec-2012 18:24:36 +0700, kai@...nn.net wrote:

> > Commercial VPNs (at least in the UK) need to keep login and
> > out times for accounts, this can be used to confirm you were
> > on-line at the same time as mp3s were being shared from that
> > VPN

That's a good reason to keep the connection persistent.

> in Russia all ISPs have to use SORM
> (http://en.wikipedia.org/wiki/SORM#SORM-2) which (as far as
> I know) marks every passing packet with a special fingerprint,
> to have the full evidence who and when has downloaded that
> illegal mp3

It does not, because it works in a completely different manner:
upon getting the request from outside, it starts gathering the
traffic according to requested criteria.

Consider this equipment as a Linux host with tcpdump (which it
really is, with an added interface that even a police officer can
use).

> (or who blames the government on twitter).

Twitter is very restrictive for that - to blame the governments in
the way they really deserve, one needs to write several megabytes :-)

> so how do you think, assuming that there are no backdoors (and
> possible MITM attacks) in SSL and SSH2 protocols, will ISPs be
> able to read users' emails and intercept other sensitive data
> (mp3s :-) ) which was sent over SSL+SSH?

Normally no, but... there are rumors about one Asian state being
able to bruteforce Rijndael encryption using custom hardware.

> or should we use some other techniques/protocols?

More users on VPN servers + random delays on both VPN and outer
interfaces == less correlation between users and data streams.

--
Alexey V. Vissarionov aka Gremlin from Kremlin
<gremlin ПРИ gremlin ТЧК ru>
GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net
GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/