Run a Tor exit node? ;)

On 09/14/2013 05:35 PM, Fabio Pietrosanti (naif) wrote:
> Hi,
>
> I was wondering how it could be possible to bring some kind of denial of
> service to impact the functionalities and/or reduce the performance of
> the systems used by massive passive wiretappers listening on the fibers.
>
> So, what a massive passive tapping is listening and how it's processing
> its data?
>
> I expect that's recording:
> - Content of all traffic, with very specific exception to record only
>   what's useful [1]
> - Database's stored transaction of all new connections with timestamp,
>   source, destination
> - Database's stored metadata of processed traffic's content
>
> On the recorded data, there's a set of batches that process the internet
> traffic to apply "normalization" and "parsing" logic, that extract
> useful metadata and load that into a database. This is to enable
> analyst's automated and manual query over that data.
>
> So, given the previously defined assumption, what cipherpunks can do to
> engage in trolling the massive passive wiretapper?
>
> We can use different strategies:
> - Fill up the transaction records, stored into the database
> - Fill up the metadata records, stored into the database
> - Fill up what is being recorded into the Petabyte storage (raw records)
> - Attack the backend processing's batch process that analyzes the data
>   to extract metadata
>
> This can be done by carefully generating internet traffic, specifically
> targeting our goals, and only "good traffic" that must be recorded and
> processed.
>
> The first thing to do is to choose the two physical locations between
> where to generate the traffic.
>
> We want to "inject" our traffic into the massive passive wiretapper system,
> so we can choose to target their wiretapping system on international fibers
> that are known to be recorded, for example between UK and US.
> Bandwidth in US and UK is also quite cheap, so this would be a nice
> place to work on.
> We may choose to make traffic between UK and US, where bandwidth is
> cheap and there's a reasonable evidence that fibers are being massively
> recorded.
>
> Then we need to prepare the right pattern of traffic, being cleartext
> SMTP, HTTP, POP3, other, that will be exchanged between the two peers at
> full speed.
>
> The traffic we need to generate has to be compressed, in order to
> increase the load we put on the massive passive wiretapper decoding
> processes, amplifying the amount of data generated. If we assume a
> properly done 400% protocol compression ratio, with 100TB monthly data
> we may generate 400TB of data on wiretapper system.
>
> By some calculation 100TB of traffic can cost $250/month, so two peers
> could cost $500/month generating on the target system 400TB of data
> (100TB with an amplification factor of 400% due to protocol compression).
>
> If 100 volunteers invest $500/month, so $50.000/month, we would be
> generating 40.000TB/month, 40 Petabyte/month, on the massive passive
> wiretapper infrastructure.
>
> Those would be only "good traffic to be processed" and not
> youtube/youporn traffic that the wiretapper is likely to discard.
>
> It would be a nice way to technically troll them?
>
> [1] It's reasonable that there are exceptions not recording traffic to
> very high bandwidth video services (such as YouTube or Netflix) because
> they are not very useful from intelligence perspective but represent
> between 50-70% of internet traffic. So, unuseful traffic recorded would
> use 50-70% of storage? Just don't record it!

-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.