Full Disclosure mailing list archives
Re: DPI evasion
From: gremlin () gremlin ru
Date: Tue, 18 Dec 2012 13:29:54 +0400
On 17-Dec-2012 18:24:36 +0700, kai () rhynn net wrote:
Commercial VPN's (at least in the uk) need to keep login and out times for accounts, this can be used to confirm you where on-line at the same time as mp3 where being shared from that VPN
That's a good reason to keep the connection persistent.
in Russia all ISPs have to use SORM (http://en.wikipedia.org/wiki/SORM#SORM-2) which (as far as i know) marks every passing packet with special fingerprint, to have the full evidence who and when has downloaded that illegal mp3
It does not, because it works in a completely different manner: upon getting the request from outside, it starts gathering the traffic according to requested criteria. Consider this equipment as a Linux host with tcpdump (which it really is, with added interface that even a police officer can use).
(or who blames the government on twitter).
Twitter is very restrictive for that - to blame the governments in the way they really deserve, one needs to write several megabytes :-)
so how do you think, assuming that there are no backdoors (and possible MITM attacks) in SSL and SSH2 protocols, will ISPs be able to read users' emails and intercept other sensitive data (mp3s :-) ) which was sent over SSL+SSH?
Normally no, but... there are rumors about one Asian state being able to bruteforce Rijndael encryption using custom hardware.
or should we use some other technics/protocols?
More users on VPN servers + random delays on both VPN and outer interfaces == less correlation between users and data streams. -- Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru> GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DPI evasion kai (Dec 17)
- Message not available
- Re: DPI evasion kai (Dec 17)
- Re: DPI evasion gremlin (Dec 20)
- Re: DPI evasion kai (Dec 17)
- Message not available
- Re: DPI evasion gremlin (Dec 17)
- Re: DPI evasion gold flake (Dec 17)