Loading ...
Sorry, an error occurred while loading the content.

Re: Re: detecting waste traffic

Expand Messages
  • Luca Andreucci
    ... you bet it matters. since (as I take it, still haven t done direct investigation) all traffic, including routing info and such, gets encrypted, the key
    Message 1 of 8 , Oct 1, 2003
    • 0 Attachment
      > > Does not being able to fingerprint the key exchange matter?

      you bet it matters. since (as I take it, still haven't done direct
      investigation) all traffic, including routing info and such, gets encrypted,
      the key exchange may be the only hook for fingerprinting WASTE traffic. That
      is to say that I'm not surprised if special care was put in making this
      traffic at least very difficult to fingerprint.

      > > Can anyone think of any more ?

      like someone already pointed out in the list, limiting allowed outgoing
      traffic along with the use of application proxies greatly limits the ability
      to use these kind of applications. the app proxies can be fooled with
      protocol tunneling a-la Corkscrew or others, still as someone said here, but
      with cost and difficulties, and given that the proxies are not content-aware
      (or not enough, I mean).

      > Well.. You see, you actually *can* block Kazaa, it jsut takes technology.
      > Since Kazaa is all unencrypted, you can use a sniffing host (I believe
      > there is ap lugin for the Snort IDS)

      correct.

      > To my knowledge, not many ISP's even use
      > something like this for Kazaa because it takes money..

      moreover, actively blocking traffic always leaves you with the problem of
      false positives, i.e. erroneously blocking legitimate traffic.

      > I think the bandwidth
      > usage and capping is probably less than the cost of implementing such an
      > idea.

      check this:

      http://www.fourmilab.com/documents/digital-imprimatur/

      -- andrew
    Your message has been successfully submitted and would be delivered to recipients shortly.