Re: Does VPN traffic stand out from other traffic to the ISP?

From "ps56k" <pschuman_no5pam_m3@interserv.com>
Newsgroups comp.os.linux.security, comp.dcom.vpn, alt.internet.wireless
Subject Re: Does VPN traffic stand out from other traffic to the ISP?
Date 2014-01-29 11:19 -0600
Organization me
Message-ID <lcbd7j$33b$1@dont-email.me>
References <lc9ga3$doq$3@news.mixmin.net> <lc9l5p$1j0$1@dont-email.me>

Cross-posted to 3 groups.


interesting - just reading the thread....

"Lusotec" <nomail@nomail.not> wrote in message 
news:lc9l5p$1j0$1@dont-email.me...
> Cordell James wrote:
>> What does the ISP actually *see* when VPN
>> is trafficking his network?
>
> The ISP sees the encrypted packet stream, the TCP/IP packet headers, the
> packet sizes and the packet times.
>
> With the above information and without any significant computational power
> it is possible to infer what kind of traffic is going through the VPN (e.g.
> http, POP, interactive terminal/vnc/rdp session).
>
> Some VPNs minimize/prevent this information leak by smoothing/flattening the
> packet size and time distributions, for example by constantly filling the
> channel with data to produce a constant rate of same-sized packets. Dummy
> data is sent when there is no actual data to send.
>
>> I realize he sees "gibberish", but, can he
>> just look at that gibberish and say "that
>> looks a lot like my subscriber is using VPN"?
>
> Yes, and depending on the VPN software they may even be able to say "that
> looks a lot like a VNC transmitting HTTP/IMAP/vnc/whatever traffic".
>
>> Does VPN traffic stand out from other traffic?
>
> Yes. It is very easy to spot encrypted traffic among all the traffic and
> different kinds of encrypted traffic (e.g. https, ssh, vpn, openssl, tor,
> imaps, pops) have somewhat distinct handshake and early traffic patterns so
> it is possible to make an educated guess on what kind of encrypted traffic
> it is.
>
> This kind of information leak can be minimized.
>
> - Fill the channel with dummy data and use traffic shaping to flatten the
>   packet distribution while transmitting the dummy traffic with the least
>   priority, so that your real traffic can get to the destination with
>   minimal delay.
>
> - Multiplex/mix traffic in a single channel.
>
> - Use a less suspicious encryption channel (e.g. https) to encrypt a more
>   suspicious encryption channel (e.g. vpn).
>
> - Use proxies with lots of encrypted traffic to obscure your own traffic.
>
> - Use proxy chaining, preferably in various countries.
>
> - Use tor to anonymize your traffic and also give you plausible
>   deniability.
>
> The above is more than enough to defeat an ISP level adversary but for
> nation/state level adversaries always remember that brute-force rubber-hose
> decryption is very effective and computationally free.
>
> Regards
> 
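
The constant-rate padding described in the quoted post, as an added example that is not part of the thread or of any VPN product's code: a small simulation that sends one fixed-size packet per tick, gives real data first claim on each packet, and fills the rest with dummy data. `CELL`, `TICK`, the function names and the two sample traffic traces are constructed for illustration.

```python
from collections import deque

CELL = 512   # bytes in every on-wire packet (assumed value)
TICK = 0.02  # seconds between on-wire packets (assumed value)

def shape(app_packets, duration):
    """Turn (arrival_time, length) application packets into a constant-rate
    stream of CELL-sized packets, padding with dummy data when idle.
    Returns (wire, delays); wire entries are (send_time, size, is_dummy)."""
    pending = sorted(app_packets)
    queue = deque()               # [arrival_time, bytes_left] awaiting a slot
    wire, delays, i = [], [], 0
    for n in range(int(round(duration / TICK))):
        now = n * TICK
        while i < len(pending) and pending[i][0] <= now:
            queue.append(list(pending[i]))
            i += 1
        room, carried = CELL, False
        while queue and room > 0:  # real data always goes first
            take = min(room, queue[0][1])
            queue[0][1] -= take
            room -= take
            carried = True
            if queue[0][1] == 0:
                delays.append(now - queue.popleft()[0])
        # Any unused room is dummy fill; a cell with no real data is all dummy.
        wire.append((round(now, 6), CELL, not carried))
    return wire, delays

def observer_view(wire):
    """What an on-path observer gets: times and sizes, not the dummy flag."""
    return [(t, size) for t, size, _ in wire]

# Constructed sample traffic: a keystroke-like session and a bulk transfer.
INTERACTIVE = [(0.013, 48), (0.210, 48), (0.265, 96), (0.705, 48)]
BULK = [(0.001 * k, 1400) for k in range(5)]

if __name__ == "__main__":
    for name, pkts in (("interactive", INTERACTIVE), ("bulk", BULK)):
        wire, delays = shape(pkts, 1.0)
        dummies = sum(1 for _, _, d in wire if d)
        print(name, len(wire), "cells,", dummies, "all-dummy, max delay",
              round(max(delays), 3))
    same = observer_view(shape(INTERACTIVE, 1.0)[0]) == observer_view(shape(BULK, 1.0)[0])
    print("observer sees identical streams:", same)
```

The two traces produce the same sequence of times and sizes on the wire; the cost is visible in the delay figures and in the bandwidth spent on dummy cells.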


Thread

Does VPN traffic stand out from other traffic to the ISP? Cordell James <cordell.james@gmail.com> - 2014-01-29 00:00 +0000
  Re: Does VPN traffic stand out from other traffic to the ISP? Lusotec <nomail@nomail.not> - 2014-01-29 01:23 +0000
    Re: Does VPN traffic stand out from other traffic to the ISP? "ps56k" <pschuman_no5pam_m3@interserv.com> - 2014-01-29 11:19 -0600
    Re: Does VPN traffic stand out from other traffic to the ISP? ohreally <ohreally@maybenot.org> - 2014-01-30 06:09 +0000
      Re: Does VPN traffic stand out from other traffic to the ISP? Lusotec <nomail@nomail.not> - 2014-01-30 12:42 +0000
    Re: Does VPN traffic stand out from other traffic to the ISP? ohyeah <ohyea@idonthingso.com> - 2014-01-31 02:44 +0000
      Re: Does VPN traffic stand out from other traffic to the ISP? Thomas Keusch <fwd+usenet-spam2013q4-1391351858@spam2013q4.bsd-solutions-duesseldorf.de> - 2014-02-02 14:43 +0000
        Re: Does VPN traffic stand out from other traffic to the ISP? Dave <noone$$@llondel.org> - 2014-02-16 21:58 -0800
  Re: Does VPN traffic stand out from other traffic to the ISP? Jared Twyler <admin@intl-alliance.com> - 2014-12-28 13:48 -0800
