On Fri, Oct 17, 2014 at 2:49 PM, Bret Lambert <bret.lamb...@gmail.com> wrote: > Well, if, as Herr Schroeder seems to be implying, this is used to > avoid port scans, I'd look for traffic to/from address:port which > don't show up on scans.
That's why I want to hide it behind an ordinary service. >> Also, the VPN could be tunneled >> over HTTP if necessary. > I know of at least one company which sells a product which doesn't > just read headers, but classifies traffic based upon behavior, e.g., > "small request receives large response -> bulk transfer", or > "series of tiny packets which receive a single, larger response -> > interactive session". I assume nation-states have developed similar > capabilities. That's fine. But they have to analyze all the traffic. This is a needle in a haystack. > The ability to use statistical methods to eavesdrop on encrypted > SIP sessions comes to mind as an example of traffic analysis as a > tool to defeat adversaries who are attempting to secure their > communications. Again, a needle in a haystack. Please read the OP before refuting stuff on the list. If you want to argue, and you aren't sure of your argument, e-mail me off the list. Otherwise it just adds to the general level of confusion, which is already higher than I'd expected on this list. Thanks, Ian
