[tor-talk] passive analysis of encrypted traffic and traffic obfuscation

vecna vecna at s0ftpj.org
Wed May 18 04:09:59 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brandon Wiley wrote:
> This is
> an interesting method of obfuscation as it seems like it would interfere to
> some extent with the three most popular DPI techniques: string matching,
> packet lengths, and packet timings. However, like most obfuscation methods
> this method seems like it would not be effective once the censor was aware
> of the method as they could just add more filtering rules to filter out the
> fake packets.
I believe (or I hope; only research will give a definitive answer)
not, because sniffjoke uses only plausible packets in the network,
exploiting the "ambiguity" that every sniffer has to face when choosing
whether or not to accept a packet as part of the streams it is tracking.

So there is no pattern of "fake packets", also because all the
"good" packets are modified too, expecting to confound statistical analysis.

> I'd like to know more about the details of how sniffjoke works, so please
> let me know if you can provide any additional details.
> 
> [1]
> http://www.delirandom.net/sniffjoke/sniffjoke-howto-usage/sniffjoke-howto-details

Sorry, my documentation really sucks :) Anyway, in the evening I drank a
lot of yerba mate, and the sleep deprivation has resulted in a totally
new amount of content.

In logical order:

http://www.delirandom.net/sniffjoke/sniffjoke-howto-usage/sniffjoke-how-does-work
http://www.delirandom.net/sniffjoke/sniffjoke-howto-usage/
http://www.delirandom.net/sniffjoke/sniffjoke-howto-usage/sniffjoke-locations
http://www.delirandom.net/sniffjoke/sniffjoke-howto-usage/sniffjoke-howto-packet-scrambling
http://www.delirandom.net/sniffjoke/sniffjoke-howto-usage/sniffjoke-howto-tcp-hacks

P.S. Sorry for my poor English; I hope the technical information will be
understandable despite the grammar damage :P

cheers,
vecna
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFN00aXuEIJPcZ2VDARAgeCAKDReDl1Sk2/p3a5b3KvubXj1AO9HwCfThsW
0Sg2D86G95LrxgOzezO7qFM=
=QbtT
-----END PGP SIGNATURE-----

