[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] passive analysis of encrypted traffic and traffic obfuscation
-----BEGIN PGP SIGNED MESSAGE-----
Brandon Wiley wrote:
> This is
> an interesting method of obfuscation as it seems like it would interfere to
> some extent with the three most popular DPI techniques: string matching,
> packet lengths, and packet timings. However, like most obfuscation methods
> this method seems like it would not be effective once the censor was aware
> of the method as they could just add more filtering rules to filter out the
> fake packets.
I belive (or i hope, only the research will make a definitive answer)
Not. because sniffjoke use only plausible packets in the network,
exploiting the "ambiguity" that every sniffer found to face, when choose
if accept a packets or not as part of the streams under tracking.
so there are not a pattern of "fake packets", also because all the
"good" packets are modified too expecting to confound statistical analysis.
> I'd like to know more about the details of how sniffjoke works, so please
> let me know if you can provide any additional details.
sorry, my documentations really sucks :) anyway the evening I've drank a
lot of yerba mate, and the sleep deprivation has results in a totally
new amount of contents.
in logic order:
p.s. sorry for my poor english, I wish the technical information will be
understandable beside the grammar damages :P
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
tor-talk mailing list