[opendtv] Re: Catching the Broadcast Flag on its way upstream

  • From: "Kon" <kon@xxxxxxxxxxxxxxxx>
  • To: opendtv@xxxxxxxxxxxxx
  • Date: Wed, 28 Apr 2004 17:25:15 -0400

What if I set up a P2P service that runs on port 80 and only accepts 
encrypted files? What if I create an encrypted tunnel through this 
clever device on a well-known port like SMTP or HTTP? Even ROT13 
encryption would defeat this system.

So you say 'ok, then scan the large files'. Well, what if said P2P 
service comes with a client tool to split the encrypted files into 
random filesizes, and deliver them in a random order. Just tack some 
arbitrary identifier header on the file and you're good to go.

You need a sophisticated IDS system to nail this type of activity, and 
if the data is encrypted, well, good luck.

However, for those sharing on a network such as Kazaa and not 
encrypting data, they are easily foiled. A simple sniffer at the local 
POP would solve the problem. Scan the packets on the Kazaa/P2P ports, 
and just send the offending user a spoofed TCP RST packet. This works 
like a charm, and can be implemented on any small device running, say, 
Linux, or even a Windows workstation - the only problem is parsing the 
packets over the local POP. As bandwidth to each user increases this 
becomes harder to do -- P2P networks have a tendency to swarm and 
saturate a link. However, once you get over the hurdle of resetting 
that first 60% of users, your life becomes easy as the packet rate 
decreases rapidly. Reset one endpoint and all endpoints feeding him 
will time out.

Multicast is harder to 'jam', and the best option is still to set a low 
TTL on the transmitter, or fix it in code so it can't be increased 
beyond local area distribution.

If my SocketJammer interests anyone, feel free to contact me offline 
(yes, you can also use this to kill offensive IM clients polluting the 
enterprise network with packets) :)

Cheers
Kon

> I think it would be possible for ISPs to
> have a firewall at their point of access to their subscribers
> that basically scans all upstream traffic aimed at the Internet
> and "catches" anything that contains a Broadcast Flag Identifier
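
The multicast point in the message above (keep the TTL low on the transmitter and fix it in code so it cannot be raised) can be sketched as follows. This is an added example, not code from the post or from SocketJammer; the class name `ScopedMulticastSender` and the `MAX_TTL = 1` policy are assumptions made for illustration.

```python
import socket
import sys


class ScopedMulticastSender(socket.socket):
    """UDP sender whose multicast TTL can never be raised above MAX_TTL.

    Hypothetical helper for illustration. With TTL 1 the first router
    decrements the TTL to 0 and drops the datagram, so traffic stays on
    the local subnet.
    """

    MAX_TTL = 1  # assumed policy: local-subnet distribution only

    def __init__(self):
        super().__init__(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
        # Set the cap explicitly instead of relying on the stack default.
        self.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, self.MAX_TTL)

    def setsockopt(self, level, optname, value, *rest):
        # Intercept only the multicast TTL; everything else passes through.
        if (level == socket.IPPROTO_IP
                and optname == socket.IP_MULTICAST_TTL
                and value is not None):
            if isinstance(value, (bytes, bytearray)):
                # Callers often pass struct.pack("b", ttl); decode it first.
                value = int.from_bytes(value, sys.byteorder)
            value = max(0, min(int(value), self.MAX_TTL))
            return super().setsockopt(level, optname, value)
        return super().setsockopt(level, optname, value, *rest)

    def multicast_ttl(self):
        """Return the TTL the kernel will stamp on outgoing multicast."""
        return self.getsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL)


if __name__ == "__main__":
    sender = ScopedMulticastSender()
    sender.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 64)
    print("effective multicast TTL:", sender.multicast_ttl())
    sender.close()
```

The clamp is an application-level guard only: code that calls `socket.socket.setsockopt` directly bypasses it, so it complements scoping enforced at the router.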

 
 