Blocking TCP flows?

Phil Fagan philfagan at gmail.com
Fri Jun 14 19:34:16 UTC 2013


I think we just discussed this over in the Huawei list ;-)

This is pretty awesome!


On Fri, Jun 14, 2013 at 12:30 PM, Eric Wustrow <ewust at umich.edu> wrote:

> Oddly enough, anticensorship. We use similar technology as the censors
> (DPI, flow blocking), but use our system in a non-censoring country's ISP
> to detect secret tags in connections from censored countries, and serve as
> a proxy for them. Once we detect a flow with a secret tag passing through
> the ISP, we block the real flow, and start spoofing half of the connection.
> We use this covert channel to communicate to the client and act as a proxy.
> To the censor, this looks like a normal connection to some innocuous,
> unrelated (and unblocked) website. The obvious difficulty is convincing
> ISPs to deploy such a proxy. More details can be found at
> https://telex.cc/
>
>
>
> On Fri, Jun 14, 2013 at 3:15 AM, Dobbins, Roland <rdobbins at arbor.net>
> wrote:
>
> >
> > On Jun 14, 2013, at 2:32 AM, Eric Wustrow wrote:
> >
> > > I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10
> > > gbps link, with new blocked flows being dropped within a millisecond or so
> > > of being added.
> >
> > What's the actual application for this mechanism?
> >
> > -----------------------------------------------------------------------
> > Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
> >
> >           Luck is the residue of opportunity and design.
> >
> >                        -- John Milton
> >
> >
> >
>



-- 
Phil Fagan
Denver, CO
970-480-7618


