* Matthew Toseland <toad at amphibian.dyndns.org> [2007-02-11 00:50:31]:
> http://www.securityfocus.com/infocus/1843/3
>
> Paper suggests that traffic flow analysis can in some cases be easier
> than signature matching. Arguably there is some cost because the records
> must be processed by separate hardware, otherwise there is a performance
> cost; I am told this is why the support is turned off on most routers.
>
> Comments? If traffic flow analysis is cheap, then in the long term we
> have serious problems.

Well, there is nothing new here :) As p2p protocols start to use
cryptography, it becomes easier to find alternate ways of matching
them... Traffic analysis isn't cheap: it's becoming cheaper than other
means, that's all.

From the article, their current "pattern" is:

  "For a period of time (x), from one single IP, fixed UDP port -> many
  destination IPs (y), fixed or random UDP ports"

We are safe from that when using darknet ;)

According to the end of the article, they plan to use the size of packets
to identify the p2p traffic as well... We are immune to that too as we do
use random size padding, aren't we?

NextGen$
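The fan-out pattern quoted above ("one source IP, fixed UDP port, many destination IPs within a time window") and the packet-size fingerprinting the reply mentions can both be tried out on flow records. The following is an added example written for this archive, not code from the thread, from the SecurityFocus article, or from the Freenet project. The flow record layout, the window length, the peer threshold and the sample flows are all constructed assumptions; real NetFlow/sFlow exports carry more fields, and the thresholds a network operator would pick are not stated anywhere in the thread.

```python
"""Toy flow-analysis heuristics illustrating the two detection ideas in
the thread: UDP fan-out from a fixed source port, and packet-size
fingerprinting. Record format, thresholds and sample data are assumed."""
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Flow(NamedTuple):
    ts: float        # seconds, one record per packet (assumed layout)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str       # "UDP" or "TCP"
    length: int      # payload size in bytes


def fan_out_sources(flows: List[Flow], window: float = 60.0,
                    min_peers: int = 8) -> Dict[Tuple[str, int], int]:
    """Return {(src_ip, src_port): peers} for UDP sources that reach at
    least `min_peers` distinct destination IPs within any `window` seconds.
    This is the "fixed UDP port -> many destination IPs" pattern."""
    by_src = defaultdict(list)
    for f in flows:
        if f.proto == "UDP":
            by_src[(f.src_ip, f.src_port)].append((f.ts, f.dst_ip))
    hits = {}
    for key, recs in by_src.items():
        recs.sort()
        best, lo = 0, 0
        for hi in range(len(recs)):
            while recs[hi][0] - recs[lo][0] > window:   # slide the window
                lo += 1
            best = max(best, len({dst for _, dst in recs[lo:hi + 1]}))
        if best >= min_peers:
            hits[key] = best
    return hits


def top_size_fraction(flows: List[Flow], src_ip: str, top_k: int = 3) -> float:
    """Fraction of a host's packets that fall into its `top_k` most common
    sizes. A protocol with fixed message sizes scores near 1.0 and is easy
    to fingerprint; random padding spreads the histogram and lowers it."""
    sizes = Counter(f.length for f in flows if f.src_ip == src_ip)
    total = sum(sizes.values())
    return sum(n for _, n in sizes.most_common(top_k)) / total


def constructed_flows() -> List[Flow]:
    """Constructed sample, not captured traffic."""
    flows = []
    # Host A: one UDP source port talking to 12 peers in 30 s, fixed size.
    for i in range(12):
        flows.append(Flow(100.0 + i * 2.5, "10.0.0.5", 4000,
                          f"198.51.100.{i + 1}", 6881, "UDP", 1200))
    # Host B: same fixed port, but only 3 peers (darknet-style) and
    # randomly padded sizes (values chosen by hand, all distinct).
    padded = [311, 1287, 640, 902, 455, 1133, 788, 219, 1390, 567, 1014, 845]
    for i, size in enumerate(padded):
        flows.append(Flow(100.0 + i * 2.5, "10.0.0.7", 4000,
                          f"203.0.113.{i % 3 + 1}", 4000, "UDP", size))
    # Host C: TCP with ephemeral ports; ignored by the UDP rule.
    for i in range(12):
        flows.append(Flow(100.0 + i, "10.0.0.9", 5000 + i,
                          f"192.0.2.{i + 1}", 443, "TCP", 1500))
    return flows


if __name__ == "__main__":
    sample = constructed_flows()
    print("fan-out hits:", fan_out_sources(sample))
    for host in ("10.0.0.5", "10.0.0.7"):
        print(host, "top-3 size fraction:", top_size_fraction(sample, host))
```

On the constructed sample only host A trips the fan-out rule; host B, with the same fixed port but three peers, stays under the threshold, which is the "safe when using darknet" point made above. The size check separates the two hosts just as cleanly, but note that it is computed per source host here, so whatever padding scheme is used has to randomise sizes on every packet, not just on average, for the histogram to flatten.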