

Encrypted P2P Traffic No Longer Safe From Throttling - coderrr
http://coderrr.wordpress.com/2008/06/28/detecting-ssh-tunnels/

======
PStamatiou
"Although their research is quite interesting there are a few things which
limit its practicality. They can only detect tunnels going through ssh servers
which they control."

And only I control my server, so I'm good to go.

~~~
cstejerean
"They also require the ssh server _and_ client to disable compression."

That's pretty far from actually allowing ISPs to identify encrypted P2P
traffic.

------
sanj
It's time for the camouflage to get updated.

~~~
jrockway
Yeah. In the end, P2P protocols will just end up looking like HTTP requests
and responses, with encrypted data steganographically encoded in what looks
like your online bank. (Maybe incoming HTTP requests to a home DSL line would
look suspicious, so let's make it XMPP or something.)

You can't filter the Internet. You can't break encryption. These are the
realities of the Internet, so the ISPs had better start turning on their dark
fiber. Sparing a nuclear war, Internet use is never going to decrease. Stop
fighting entropy and "roll with it."

~~~
evgen
Sorry to burst your delusional bubble, but you don't need to break encryption
in this case. The term to describe this particular "attack" is traffic
analysis, and it is a real bitch to get around. P2P protocols will not end up
looking like HTTP requests and responses because the nature of the information
flow is nothing like a standard HTTP exchange; you do not send a small packet,
get back a large chunk, and then exchange small updates -- when P2P traffic
flows it is large chunks and its bidirectional nature is a dead giveaway.

The application of a simple Bayesian recognizer to categorize traffic flows
might be new to the academic community, but among people developing large-
scale traffic management and security monitors this is really old stuff.

------
geuis
This story has absolutely nothing to do with ISP throttling. If people
continue using subjects that are just trying to be attention grabbers, HN will
end up like digg.

To sum up the _actual_ story, researchers used Bayesian learning filters to
identify the type of encrypted tunnels that are going through your ssh server
within 90-99% accuracy. Has absolutely nothing to do with ISP throttling p2p.

