It's also important to note that making this sort of research public helps to inform users of a technology's weaknesses. Had this research not been performed (or disclosed), the users and developers of SSH tunneling technologies would be proceeding with a naive notion that the inner protocol is undetectable, despite ISPs' potential knowledge otherwise.
Disclosing vulnerabilities in security measures is necessary for improvements to the protocols and as warnings against relying on its features for critical communications. To do otherwise is security through obscurity. On Tue, Jul 1, 2008 at 22:59, Jeff Craig <[EMAIL PROTECTED]> wrote: > On Tue, 2008-07-01 at 09:51 -0400, bj wrote: > > Yes, I did read it. The point is that it IS already being worked on. > > And it didn't take long for someone to see the potential financial > > benefit of working on it. It's only a matter of time before this makes > > its way into ISP systems. I betcha Comcast execs and the RIAA and > > Media Companies are foaming at the mouth waiting for this to mature, > > and passing piles of greenbacks under the table to hurry the process up. > > > > But, there are plenty of potentially good security motives behind the > research as well. Being able to identify a protocol via statistical > analysis, even if that protocol is wrapped in an encrypted link, can > potentially be used to disrupt botnets, potentially identify actually > rogue traffic that standard deep packet inspection can't touch. > > Are ISPs potentially looking at this technology as well? Quite > possibly. And that is a shame. However, having done network security > for companies in the past, I would implement this technology in a > heartbeat in several circumstances, particularly if it could more > reliably identify the underlying protocol. > > I don't believe that the ISPs should be filtering the traffic their own, > since that results in them deciding what is 'okay'. However, this is > just a tool. A damn useful one. > > Jeff Craig > >
