[tor-talk] passive analysis of encrypted traffic and traffic obfuscation

Brandon Wiley brandon at blanu.net
Tue May 17 19:24:43 UTC 2011


Sniffjoke looks interesting. I'm having trouble finding a clear description
of what it actually does to the packets to get them past DPI filters. The
best description I could find mentions insertion of fake packets which will
be discarded by the receiver but which will confuse the filter. [1] This is
an interesting method of obfuscation as it seems like it would interfere to
some extent with the three most popular DPI techniques: string matching,
packet lengths, and packet timings. However, like most obfuscation methods,
this method seems like it would not be effective once the censor was aware
of the method as they could just add more filtering rules to filter out the
fake packets.

I'd like to know more about the details of how sniffjoke works, so please
let me know if you can provide any additional details.

[1]
http://www.delirandom.net/sniffjoke/sniffjoke-howto-usage/sniffjoke-howto-details

On Tue, May 17, 2011 at 10:09 AM, Fabio Pietrosanti (naif) <
lists at infosecurity.ch> wrote:

> On 5/17/11 11:12 AM, vecna wrote:
> > Hi tor guys,
> >
> > encrypted traffic analysis is an analysis applied to an encrypted session
> > in order not to disclose the protected data, but to detect the protocol
> > protected.
> COOL!!!!
>
> > 1) try a blocked TOR version in IRAN, to verify if the session is
> > protected from the anti-TOR tech
>
> That's what I asked some time ago to try your sniffjoke:
> https://lists.torproject.org/pipermail/tor-talk/2011-March/019877.html
>
> Some volunteer proposed to provide a port-forwarding to exit from Iran,
> but we would need 'raw socket' access to a linux machine to verify how
> effectively sniffjoke bypasses the Iranian Deep Packet Inspection Systems.
>
> -naif