Re: [tor-talk] passive analysis of encrypted traffic and traffic obfuscation

Sniffjoke looks interesting. I'm having trouble finding a clear description of what it actually does to the packets to get them past DPI filters. The best description I could find mentions insertion of fake packets which will be discarded by the receiver but which will confuse the filter. [1] This is an interesting method of obfuscation, as it seems like it would interfere to some extent with the three most popular DPI techniques: string matching, packet lengths, and packet timings. However, like most obfuscation methods, this method seems like it would not be effective once the censor was aware of the method, as they could just add more filtering rules to filter out the fake packets.

I'd like to know more about the details of how sniffjoke works, so please let me know if you can provide any additional details.

[1] http://www.delirandom.net/sniffjoke/sniffjoke-howto-usage/sniffjoke-howto-details

On Tue, May 17, 2011 at 10:09 AM, Fabio Pietrosanti (naif) <lists@xxxxxxxxxxxxxxx> wrote:
On 5/17/11 11:12 AM, vecna wrote:
> Hi tor guys,
> encrypted traffic analysis is an analysis applied to an encrypted session
> in order not to disclose the protected data, but to detect the protocol
> protected.

> 1) try a blocked TOR version in IRAN, to verify if the session is
> protected from the anti-TOR tech

That's what I asked some time ago to try your sniffjoke:

Some volunteer proposed to provide a port-forwarding to exit from Iran,
but we would need 'raw socket' access to a linux machine to verify how
effectively sniffjoke bypasses the Iranian Deep Packet Inspection Systems.

tor-talk mailing list