[84022] in North American Network Operators' Group
Re: P2P Darknets to eclipse bandwidth management?
daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Sep 2 08:44:13 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>, nanog@merit.edu
Date: Fri, 02 Sep 2005 14:43:03 +0200
In-Reply-To: <Pine.LNX.4.44.0509021132570.24136-100000@server2.tcw.telecomplete.net> (Stephen J. Wilcox's message of "Fri, 2 Sep 2005 11:38:15 +0100 (BST)")
Errors-To: owner-nanog@merit.edu
* Stephen J. Wilcox:
> packet inspection will just evolve, that's the nature of this
> problem.. there are things you can find out from encrypted flows -
> what the endpoints and ports are, who the CA is. then you can look
> at the characteristics of the data.
These protocols typically don't use a PKI. You could look at public
keys, but you don't even have to distribute them in-band.
What you can do is look at packet sizes and do timing analysis on
incoming and outgoing packets to a particular host. For example, it
is possible to use such techniques to detect an interactive SSH
connection to a particular host on your network which is used by an
attacker to control an SSH client which connects to some other host.
I don't know how this scales to tens of thousands of hosts, though.
Apart from that, I do not really understand the concept of "bandwidth
management". Isn't this this just an euphemism for "content
management", to avoid the ugly "c" word?