NNSquad - Network Neutrality Squad
[ NNSquad ] Re: Blocking Comcast's Sandvine with simple firewall rules?
Monday, June 30, 2008, 8:38:13 PM, you wrote: > I suspect I'm not the only person on this list to see this story on Slashdot > today. > http://tech.slashdot.org/article.pl?sid=08/06/30/0249249 The return volley has already been fired-- http://coderrr.wordpress.com/2008/06/28/detecting-ssh-tunnels/ >From the article-- "They claim their technique can differentiate between “normal” ssh or scp sessions and ssh sessions which are being used to tunnel traffic (through ssh’s port forwarding mechanism). This is accomplished through a naive Bayes classifier, which they first trained with “normal” ssh sessions. The two variables used to classify a session are the size of the packets and the difference in arrival time of two consecutive packets. With just these, they can classify with 99% accuracy whether an ssh session is a tunnel. They were also able to classify the actual protocol (P2P, POP, SMTP, HTTP) of the tunneled connection with close to 90% accuracy." -- Best regards, bj mailto:bj@bitchslappin.net