nanog mailing list archives
Re: Blocking TCP flows?
From: Phil Fagan <philfagan () gmail com>
Date: Sun, 16 Jun 2013 09:59:08 -0600
Eric, I haven't read the full paper yet, however, are you simply acting as a proxy and redirecting based on the secret tag found in the header? What is your expectation for session/second use? I would think you would need to scale largely, however, I don't have a good understanding of how large the market is for users trying to obfuscate the states firewall/proxy/dns controls etc. ISP seems like a great place to live for that; what have they said so far? On Fri, Jun 14, 2013 at 12:30 PM, Eric Wustrow <ewust () umich edu> wrote:
Oddly enough, anticensorship. We use similar technology as the censors (DPI, flow blocking), but use our system in a non-censoring country's ISP to detect secret tags in connections from censored countries, and serve as a proxy for them. Once we detect a flow with a secret tag passing through the ISP, we block the real flow, and start spoofing half of the connection. We use this covert channel to communicate to the client and act as a proxy. To the censor, this looks like a normal connection to some innocuous, unrelated (and unblocked) website. The obvious difficulty is convincing ISPs to deploy such a proxy. More details can be found at https://telex.cc/ On Fri, Jun 14, 2013 at 3:15 AM, Dobbins, Roland <rdobbins () arbor net> wrote:On Jun 14, 2013, at 2:32 AM, Eric Wustrow wrote:I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10gbps link, with new blocked flows being dropped within a millisecond orsoofbeing added.What's the actual application for this mechanism? ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
-- Phil Fagan Denver, CO 970-480-7618
Current thread:
- Re: Blocking TCP flows?, (continued)
- Re: Blocking TCP flows? Phil Fagan (Jun 13)
- Re: Blocking TCP flows? shawn wilson (Jun 13)
- Re: Blocking TCP flows? Christopher Morrow (Jun 13)
- Re: Blocking TCP flows? Jeff Kell (Jun 13)
- Re: Blocking TCP flows? QliX=D! [aka EHB] (Jun 14)
- Re: Blocking TCP flows? Eric Wustrow (Jun 14)
- Re: Blocking TCP flows? Phil Fagan (Jun 14)
- Re: Blocking TCP flows? Phil Fagan (Jun 16)