[84140] in North American Network Operators' Group
Re: P2P Darknets to eclipse bandwidth management?
daemon@ATHENA.MIT.EDU (Chip Mefford)
Tue Sep 6 14:28:45 2005
Date: Tue, 06 Sep 2005 14:28:09 -0400
From: Chip Mefford <cpm@well.com>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: "Stephen J. Wilcox" <steve@telecomplete.co.uk>,
"Fergie (Paul Ferguson)" <fergdawg@netzero.net>, nanog@merit.edu
In-Reply-To: <87ek87y71k.fsf@mid.deneb.enyo.de>
Errors-To: owner-nanog@merit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Florian Weimer wrote:
> * Stephen J. Wilcox:
>
>
>>packet inspection will just evolve, thats the nature of this
>>problem.. there are things you can find out from encrypted flows -
>>what the endpoints and ports are, who the CA is. then you can look
>>at the characteristics of the data.
>
>
> These protocols typically don't use a PKI. You could look at public
> keys, but you don't even have to distribute them in-band.
>
> What you can do is look at packet sizes and do timing analysis on
> incoming and outgoing packets to a particular hosts. For example, it
> is possible to use such techniques to detect an interactive SSH
> connection to a particular host on your network which is used by an
> attacker to control an SSH client which connects to some other host.
> I don't know how this scales to tens of thousands of hosts, though.
>
> Apart from that, I do not really understand the concept of "bandwidth
> management". Isn't this this just an euphemism for "content
> management", to avoid the ugly "c" word?
In my complete ignorance, I would think that this is part of it
certainly, but would be mostly qos issues.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFDHd+50STXFHxUucwRAnECAJ9zU2jRyCVB/ViE6vyELChQKASlDACglOk9
4aP9ur2gJ+CpQCdaIqE+ZAk=
=1BZ/
-----END PGP SIGNATURE-----
