[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] passive analysis of encrypted traffic and traffic obfuscation

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] passive analysis of encrypted traffic and traffic obfuscation
From: Brandon Wiley <brandon@xxxxxxxxx>
Date: Tue, 17 May 2011 14:24:43 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 17 May 2011 15:25:02 -0400
In-reply-to: <4DD28FAD.7000000@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4DD23BFF.4090709@xxxxxxxxxx> <4DD28FAD.7000000@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Sniffjoke looks interesting. I'm having trouble finding a clear description of what it actually does to the packets to get them past DPI filters. The best description I could find mentions insertion of fake packets which will be discarded by the receiver but which will confuse the filter. [1] This is an interesting method of obfuscation as it seems like it would interfere to some extent with the three most popular DPI techniques: string matching, packet lengths, and packet timings. However, like most obfuscation methods this method seems like it would not be effective once the censor was aware of the method as they could just add more filtering rules to filter out the fake packets.

I'd like to know more about the details of how sniffjoke works, so please let me know if you can provide any additional details.

[1] http://www.delirandom.net/sniffjoke/sniffjoke-howto-usage/sniffjoke-howto-details

On Tue, May 17, 2011 at 10:09 AM, Fabio Pietrosanti (naif) <lists@xxxxxxxxxxxxxxx> wrote:

On 5/17/11 11:12 AM, vecna wrote:
> Hi tor guys,
>
> encrypted traffic analysis is an analysis apply to an encrypted session
> in order not to disclose the protected data, but to detect the protocol
> protected.

COOL!!!!

> 1) try a blocked TOR version in IRAN, to verify if the session is
> protected from the anti-TOR tech

That's what i asked some time ago to try your sniffjoke:
https://lists.torproject.org/pipermail/tor-talk/2011-March/019877.html

Some volunteer proporsed to provide a port-forwarding to exit from Iran,
but we would need 'raw socket' access to a linux machine to verify how
effectively sniffjoke bypass the Iranian Deep Packet Inspection Systems.

-naif
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] passive analysis of encrypted traffic and traffic obfuscation
  - From: vecna

References:
- [tor-talk] passive analysis of encrypted traffic and traffic obfuscation
  - From: vecna
- Re: [tor-talk] passive analysis of encrypted traffic and traffic obfuscation
  - From: Fabio Pietrosanti (naif)

Prev by Author: [tor-talk] how get more bridges address
Next by Author: [tor-talk] GSoC Student Introduction - Blocking-resistant Transport Evaluation Framework
Previous by thread: Re: [tor-talk] passive analysis of encrypted traffic and traffic obfuscation
Next by thread: Re: [tor-talk] passive analysis of encrypted traffic and traffic obfuscation
Index(es):
- Author
- Thread