[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor banned in Pakistan.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor banned in Pakistan.
From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
Date: Thu, 08 Sep 2011 20:53:54 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 08 Sep 2011 21:00:59 -0400
In-reply-to: <4E693AF7.3060204@xxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4E69325D.6090100@xxxxxxxxx> <4E693AF7.3060204@xxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.24 (X11/20100317)

> Very disturbing.   I wonder if its possible to hide encrypted traffic as
> seemingly unencrypted http traffic in much the same way as a gpg key is
> rendered as ascii armored, or stenographically inside images.  Although
> such methods may be inefficient, they may be good enough for some purposes.
>   

Of course .. any number of mechanisms exist to do exactly this, although
(generally speaking) it's not to provide a "live" VPN service. A
constant HTTP stream of nothing but .jpegs would be pretty suspicious.
Video-type services might be a better bet (because the traffic would be
more believable) but if you can't encrypt it, all that's required to
render the stego useless is to (slightly) re-encode it transparently
(eg: take your 640x480 MPEG stream and run it through ffmpeg to lower
the bitrate by 10k or some such).

One would detect this in the same way you do encrypted botnets .. you
stop looking for patterns *in* the traffic and start looking at *traffic
patterns* (ie: "that's odd, why is this machine doing a constant stream
of ICMP all of a sudden? .. what are these long DNS queries for?, why
are the HTTPS traffic ratios fairly symmetrical?" .. etc).

> It would be good to know what technologies these ISPs will implement to
> do the packet inspection for encrypted tunnels.  Half the problem is you
> don't really know what they'll be looking for and so you don't know how
> to circumvent.
>   

That's the key distinction here .. rather than try to "ban with
technology" (ie: "great firewall of china"), they went for "ban with
policy" .. meaning you'll likely never know if you're "getting away with
it" until the ISI shows up and drags you off.

I suppose a clever service would be for Twitter (et.al.) to allow you to
upload a keypair for stego and a https "twitpic" site that allowed each
image to be checked for a valid signature and stego'd text, which would
then be published.

Regards,

Michael Holstein
Cleveland State University


_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor banned in Pakistan.
  - From: Dave Jevans
- Re: [tor-talk] Tor banned in Pakistan.
  - From: Matthew

References:
- [tor-talk] Tor banned in Pakistan.
  - From: Matthew
- Re: [tor-talk] Tor banned in Pakistan.
  - From: Anthony G. Basile

Prev by Author: Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file
Next by Author: Re: [tor-talk] TBB 2.2.32 & Automatic Updates
Previous by thread: Re: [tor-talk] Tor banned in Pakistan.
Next by thread: Re: [tor-talk] Tor banned in Pakistan.
Index(es):
- Author
- Thread