Re: DPI evasion

[gremlin () gremlin ru]

On 17-Dec-2012 18:24:36 +0700, kai () rhynn net wrote:

> > Commercial VPN's (at least in the uk) need to keep login and
> > out times for accounts, this can be used to confirm you where
> > on-line at the same time as mp3 where being shared from that
> > VPN

That's a good reason to keep the connection persistent.

> in Russia all ISPs have to use SORM
> (http://en.wikipedia.org/wiki/SORM#SORM-2) which (as far as
> i know) marks every passing packet with special fingerprint,
> to have the full evidence who and when has downloaded that
> illegal mp3

It does not, because it works in a completely different manner:
upon getting the request from outside, it starts gathering the
traffic according to requested criteria.

Consider this equipment as a Linux host with tcpdump (which it
really is, with added interface that even a police officer can
use).

> (or who blames the government on twitter).

Twitter is very restrictive for that - to blame the governments in
the way they really deserve, one needs to write several megabytes :-)

> so how do you think, assuming that there are no backdoors (and
> possible MITM attacks) in SSL and SSH2 protocols, will ISPs be
> able to read users' emails and intercept other sensitive data
> (mp3s :-) ) which was sent over SSL+SSH?

Normally no, but... there are rumors about one Asian state being
able to bruteforce Rijndael encryption using custom hardware.

> or should we use some other technics/protocols?

More users on VPN servers + random delays on both VPN and outer
interfaces == less correlation between users and data streams.


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin
<gremlin ПРИ gremlin ТЧК ru>
GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net
GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/