From: Grant Taylor <gtaylor@riverviewtech.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] How to fight with encrypted p2p
Date: Tue, 13 Nov 2007 15:53:26 +0000 [thread overview]
Message-ID: <4739C876.4020602@riverviewtech.net> (raw)
In-Reply-To: <20071112015107.4ECBBEB2BB@f05.poczta.interia.pl>
On 11/13/07 09:37, Carl-Daniel Hailfinger wrote:
> Well, you can surely try. But then again, I have been doing research
> (publication pending) in traffic-pattern-based detection of VoIP
> flows and peer-to-peer connections. While it usually is easy to find
> a pattern matching your particular traffic class very well, part of
> this research has been dedicated to automatically circumvent these
> systems. Why that? Simple. Application evolve to circumvent
> detection. If you can simulate that evolution in the lab, you can
> find out where your detection algorithms will fail. Of course, that
> enumeration of possible failure modes is non-exhaustive.
>
> Bottom line: This is an arms race. Unless you do lots of research and
> testing, detection will always be trying to catch up. If detection
> manages to catch up, circumvention will advance, but you may have a
> small time window where you can enjoy the "win". However, winning
> becomes more and more expensive. Clients can expend considerable
> amount of CPU power to avoid detection. You don't have that luxury in
> filter systems unless you have one filter per client.
All very good points with regard to pattern based detecting P2P (and the
likes) traffic. What do you think about recognizing the traffic you do
want and treating all else as a second or third class citizen. Or is
this just a form of net neutrality? Or really is this entire discussion
such. Further does the net neutrality issue apply to companies (read:
non ISPs) wanting to filter their own internal traffic.
Additionally as an aside will you please provide more information on
your pending publication? I'd likely be curious to read (what ever)
when ever it is published. Thanks in advance.
Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
next prev parent reply other threads:[~2007-11-13 15:53 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-12 1:51 [LARTC] How to fight with encrypted p2p sAwAr
2007-11-12 3:55 ` Mohan Sundaram
2007-11-12 7:02 ` David Bierce
2007-11-12 11:17 ` sawar
2007-11-13 11:58 ` Marcin Stanczyk
2007-11-13 15:09 ` Grant Taylor
2007-11-13 15:37 ` Carl-Daniel Hailfinger
2007-11-13 15:53 ` Grant Taylor [this message]
2007-11-13 16:32 ` Marco Aurelio
2007-11-14 9:42 ` Klaus
2007-11-14 14:32 ` Sébastien CRAMATTE
2007-11-14 14:44 ` Sébastien CRAMATTE
2007-12-02 11:42 ` Andrew Beverley
2007-12-03 10:49 ` Gustin Johnson
2007-12-03 19:33 ` Andrew Beverley
2007-12-10 13:37 ` the sew
2007-12-10 14:09 ` Mario Antonio Garcia
2007-12-10 14:28 ` the sew
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4739C876.4020602@riverviewtech.net \
--to=gtaylor@riverviewtech.net \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.