NNSquad - Network Neutrality Squad


[ NNSquad ] Re: Blocking Comcast's Sandvine with simple firewall rules?


It's also important to note that making this sort of research public helps to inform users of a technology's weaknesses. Had this research not been performed (or disclosed), the users and developers of SSH tunneling technologies would be proceeding with a naive notion that the inner protocol is undetectable, despite ISPs' potential knowledge otherwise.

Disclosing vulnerabilities in security measures is necessary for improvements to the protocols and as warnings against relying on their features for critical communications. To do otherwise is security through obscurity.

On Tue, Jul 1, 2008 at 22:59, Jeff Craig <lists@foxxtrot.net> wrote:
On Tue, 2008-07-01 at 09:51 -0400, bj wrote:
> Yes, I did read it. The point is that it IS already being worked on.
> And it didn't take long for someone to see the potential financial
> benefit of working on it. It's only a matter of time before this makes
> its way into ISP systems. I betcha Comcast execs and the RIAA and
> Media Companies are foaming at the mouth waiting for this to mature,
> and passing piles of greenbacks under the table to hurry the process up.
>

But, there are plenty of potentially good security motives behind the
research as well.  Being able to identify a protocol via statistical
analysis, even if that protocol is wrapped in an encrypted link, can
potentially be used to disrupt botnets, potentially identify actually
rogue traffic that standard deep packet inspection can't touch.

Are ISPs potentially looking at this technology as well?  Quite
possibly. And that is a shame.  However, having done network security
for companies in the past, I would implement this technology in a
heartbeat in several circumstances, particularly if it could more
reliably identify the underlying protocol.

I don't believe that the ISPs should be filtering the traffic on their own,
since that results in them deciding what is 'okay'.  However, this is
just a tool.  A damn useful one.

Jeff Craig