Hi,

I was wondering how it could be possible to bring some kind of denial of service to impact the functionalities and/or reduce the performance of the systems used by the massive passive wiretapper listening on the fibers.

So, what is a massive passive tap listening to, and how is it processing its data? I expect that it's recording:

- Content of all traffic, with very specific exceptions, to record only what's useful [1]
- Database-stored transactions of all new connections, with timestamp, source, destination
- Database-stored metadata of the processed traffic's content

On the recorded data, there's a set of batches that process the internet traffic to apply "normalization" and "parsing" logic, extracting useful metadata and loading it into a database. This is to enable analysts' automated and manual queries over that data.

So, given the previously defined assumptions, what can cipherpunks do to engage in trolling the massive passive wiretapper? We can use different strategies:

- Fill up the transaction records stored in the database
- Fill up the metadata records stored in the database
- Fill up what is being recorded into the petabyte storage (raw records)
- Attack the backend batch processes that analyze the data to extract metadata

This can be done by carefully generating internet traffic, specifically targeting our goals, and only "good traffic" that must be recorded and processed.

The first thing to do is to choose the two physical locations between which to generate the traffic. We want to "inject" our traffic into the massive passive wiretapper system, so we can choose to target their wiretapping system on international fibers that are known to be recorded, for example between UK and US. Bandwidth in US and UK is also quite cheap, so this would be a nice place to work on. We may choose to make traffic between UK and US, where bandwidth is cheap and there's reasonable evidence that fibers are being massively recorded.

Then we need to prepare the right pattern of traffic, being cleartext SMTP, HTTP, POP3, other, that will be exchanged between the two peers at full speed.

The traffic we need to generate has to be compressed, in order to increase the load we put on the massive passive wiretapper's decoding processes, amplifying the amount of data generated. If we assume a properly done 400% protocol compression ratio, with 100TB of monthly data we may generate 400TB of data on the wiretapper's system.

By some calculation 100TB of traffic can cost $250/month, so two peers could cost $500/month, generating 400TB of data on the target system (100TB with an amplification factor of 400% due to protocol compression). If 100 volunteers invest $500/month, so $50.000/month, we would be generating 40.000TB/month, 40 Petabyte/month, on the massive passive wiretapper infrastructure.

Those would be only "good traffic to be processed" and not YouTube/youporn traffic that the wiretapper is likely to discard.

It would be a nice way to technically troll them?

[1] It's reasonable that there are exceptions for not recording traffic to very high bandwidth video services (such as YouTube or Netflix) because they are not very useful from an intelligence perspective but represent between 50-70% of internet traffic. So, useless traffic recorded would use 50-70% of storage? Just don't record it!

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org