- Posted on
- Cordell James
January 29, 2014, 12:00 am
Re: Does VPN traffic stand out from other traffic to the ISP?
Cordell James wrote:
The ISP sees the encrypted packet stream, the TCP/IP packet headers, the
packet sizes and the packet times.
With the above information and without any significant computational power
it is possible to infer what kind of traffic is going through the VPN (e.g.
http, POP, interactive terminal/vnc/rdp session).
Some VPNs minimize/prevent this information leak by smoothing/flattening the
packet size and time distributions, for example by constantly filling the
channel with data to produce a constant rate of same-sized packets. Dummy
data is sent when there is no actual data to send.
Yes, and depending on the VPN software they may even be able to say "that
looks a lot like a VNC transmitting HTTP/IMAP/vnc/whatever traffic".
Yes. It is very easy to spot encrypted traffic among all the traffic and
different kinds of encrypted traffic (e.g. https, ssh, vpn, openssl, tor,
imaps, pops) have somewhat distinct handshake and early traffic patterns so
it is possible to make an educated guess on what kind of encrypted traffic
This kind of information leak can be minimized.
- Fill the channel with dummy data and use traffic shaping to flatten the
packet distribution while transmitting the dummy traffic with the least
priority, so that your real traffic can get to the destination with minimal
- Multiplex/mix traffic in a single channel.
- Use a less suspicious encryption channel (e.g. https) to encrypt a more
suspicious encryption channel (e.g. vpn).
- Use proxies with lots of encrypted traffic to obscure your own traffic.
- Use proxy chaining, preferably in various countries.
- Use Tor to anonymize your traffic and also give you plausible deniability.
The above is more than enough to defeat an ISP-level adversary but for
nation/state-level adversaries always remember that brute-force rubber-hose
decryption is very effective and computationally free.
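The constant-rate padding the post describes (same-sized packets, dummy data when idle), as an added sketch that is not part of the original post and not any VPN's actual code. The cell size, tick interval, function names and both sample traces are assumptions constructed for illustration.

```python
import random
from statistics import pstdev

CELL = 512    # assumed fixed on-wire cell size (bytes)
TICK = 0.01   # assumed constant send interval (seconds)

def observer_view(trace):
    """What an on-path observer can measure: packet sizes and timing jitter."""
    sizes = sorted({size for _, size in trace})
    times = [t for t, _ in trace]
    gaps = [round(b - a, 6) for a, b in zip(times, times[1:])]
    return sizes, round(pstdev(gaps), 6)

def pad_constant_rate(trace, duration):
    """Re-send a (time, size) trace as one CELL-byte cell every TICK.
    Real bytes are queued and drained; an empty queue yields a dummy cell."""
    pending = sorted(trace)
    backlog = 0                      # real bytes still waiting to be sent
    wire, dummies = [], 0
    for i in range(int(round(duration / TICK))):
        now = i * TICK
        while pending and pending[0][0] <= now:
            backlog += pending.pop(0)[1]
        if backlog:
            backlog -= min(backlog, CELL)   # cell carries real data (padded)
        else:
            dummies += 1                    # nothing to send: dummy cell
        wire.append((round(now, 6), CELL))
    return wire, dummies, backlog

def sample_flows(seed=1):
    """Constructed traces: a keystroke-like session and a bulk transfer."""
    rng = random.Random(seed)
    t, interactive = 0.0, []
    for _ in range(40):
        t += rng.uniform(0.02, 0.2)
        interactive.append((t, rng.choice([52, 68, 84])))
    bulk = [(0.001 * i, 1400) for i in range(100)]
    return interactive, bulk
```

Before padding the two traces give different `observer_view` results; after `pad_constant_rate` both reduce to the same view, at the cost of the dummy cells' bandwidth and the queueing delay on bursts.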