ISP/VPN's to China?

Adrian Chadd adrian at creative.net.au
Wed Oct 21 20:56:04 CDT 2009


On Wed, Oct 21, 2009, Alex Balashov wrote:
> I was not aware that tools or techniques to do this are widespread or  
> highly functional in a way that would get them adopted in an Internet  
> access control application of a national scope.
> 
> Tell me more?

It's been a while since I tinkered with this for fun, but a quick abuse
of google gives one relatively useful starting paper:

http://ccr.sigcomm.org/online/files/p7-v37n1b-crotti.pdf

Now, if you were getting multiple overlapping fingerprints inside a
UDP packet stream you may conclude that it is a VPN tunnel of some
sort.

Just randomly padding the tunnel with a few bytes either side will
probably just fuzz the classifier somewhat. Aggregating the packets
up into larger packets may fuzz the classification methods but it
certainly won't make the traffic look like "something else".
It'll likely still stick out as being "different". :)



Adrian





More information about the NANOG mailing list