ISP/VPN's to China?

Adrian Chadd adrian at
Wed Oct 21 20:56:04 CDT 2009

On Wed, Oct 21, 2009, Alex Balashov wrote:
> I was not aware that tools or techniques to do this are widespread or  
> highly functional in a way that would get them adopted in an Internet  
> access control application of a national scope.
> Tell me more?

It's been a while since I tinkered with this for fun, but a quick abuse
of google gives one relatively useful starting paper:

Now, if you were getting multiple overlapping fingerprints inside a
UDP packet stream you may conclude that it is a VPN tunnel of some

Just randomly padding the tunnel with a few bytes either side will
probably just fuzz the classifier somewhat. Aggregating the packets
up into larger packets may fuzz the classification methods but it
certainly won't make the traffic look like "something else".
It'll likely still stick out as being "different". :)


More information about the NANOG mailing list