On Mon, Feb 12, 2007 at 12:13:25PM +0000, Michael Rogers wrote: > Florent Daigni?re (NextGen$) wrote: > > * Matthew Toseland <toad at amphibian.dyndns.org> [2007-02-11 00:50:31]: > >> http://www.securityfocus.com/infocus/1843/3 > > Nasty - see also > http://www.cs.ucr.edu/~tkarag/papers/BLINC.pdf > > > We are safe from that when using darknet ;) > > Right, we just look like someone holding ten simultaneous 72-hour Skype > conversations. ;-) > > > According to the end of the article, they plan to use size of packets to > > identify the p2p traffic as well ... We are immune to that too as we do > > use random size padding, aren't we ? > > Only if everyone else uses random padding with the same statistical > distribution...
Well, that sort of stats put the cost up significantly, no? What's easy is what can be done with basic protocol, time started, time ended, data transferred, source, destination info, right? > > There seems to be two approaches we could take: > 1) Standardising approach: try to persuade a wide range of P2P and VoIP > projects to use the same encrypted UDP protocol. Lots of effort and > unlikely to succeed, but if it works we can hide among a large amount of > traffic, some of which will be politically awkward to block. Which is precisely why it's not likely to succeed. Most VOIP isn't even encrypted. > 2) Guerrilla approach: keep writing new transport plugins and try to > stay ahead of the filters. The problem is that you know when you've been > filtered, but you don't know when you've been logged. Yeah, not knowing your enemy is a problem. A bigger problem is that wrapping our data in stego transports is irrelevant if they can easily identify "either this is a freenet node or it's 10 simultaneous permanent skype conversations". > > Cheers, > Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20070214/be80e667/attachment.pgp>
