
Encrypted Traffic No Longer Safe From Throttling

CmdrTaco posted more than 6 years ago | from the didn't-think-it-was dept.

Networking 268

coderrr writes "New research could allow ISPs to selectively block or slow down your encrypted traffic even if they cannot snoop on your transmitted data. Italian researchers have found a way to categorize the type of traffic that is hidden inside an encrypted SSH session to around 90% accuracy. They are achieving this by analyzing packet sizes and inter-packet intervals instead of looking at the content itself. Challenges remain for ISPs to implement this technology, but it's clear that encrypting your traffic inside an SSH session or VPN connection is not a solution to protect net neutrality."


Why bother? (2, Insightful)

Threni (635302) | more than 6 years ago | (#23998665)

They could just throttle all encrypted packets for free.

Re:Why bother? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23998713)

first reply to FIRST POST!!

Re:Why bother? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23998873)

first reply to first reply to first post!

Re:Why bother? (5, Insightful)

TheLink (130905) | more than 6 years ago | (#23999119)

That'll mess up corporate vpn users with clout, and https connections to banks etc.

Anyway it doesn't take a genius to detect p2p.

See the user. See the user after 1 hour. See how many bytes up and down. Check how many different IP destinations the user is connected with.

If they are downloading a lot up and down, and connected to lots of hosts, chances are they are using P2P. Put them on a watch list. If they are still doing it much later, you put them on a black list where from then on if they are doing something similar you throttle them immediately (you can do it in a way that would in most cases still allow that user's web surfing to work reasonably - since most users don't websurf 20 different sites at the same time AND read those pages at the same time - it doesn't matter if pages come in one by one).

If they aren't downloading or uploading much, why throttle? :)

No need for fancy math. No need for "deep packet inspection" or fancy "Dumb Investors Hand Over Your Money" phrases.

Then again maybe I should write a "research" paper, mmm $$$$ ;).

Re:Why bother? (1)

NerdyLove (1133693) | more than 6 years ago | (#23999233)

Some plugins fetch data from lots of hyperlinks at the same time in order to speed up browsing, IIRC. Odds are it'd be mostly http, but if https was involved, this could throttle them, too.

It's a really bad idea when the 'innocent' get throttled too. They should err on the side of caution and avoid this.

Re:Why bother? (5, Interesting)

aplusjimages (939458) | more than 6 years ago | (#23999301)

How would this work for gaming online? 16 different IP destinations and I play for hours on end. My understanding of Xbox Live is that it is P2P and if they throttle my Halo 3 game, I'm gonna get pwned even more than normal.

Re:Why bother? (1)

Jonny_eh (765306) | more than 6 years ago | (#23999549)

"Check how many different IP destinations the user is connected with."

Won't help if the user is connected through a VPN tunnel. They'll be talking to one IP.

Re:Why bother? (1)

kabocox (199019) | more than 6 years ago | (#23999863)

(you can do it in a way that would in most cases still allow that user's web surfing to work reasonably - since most users don't websurf 20 different sites at the same time AND read those pages at the same time - it doesn't matter if pages come in one by one ).

So you must be the one that got my webcomics loading slower in the morning! I use that "open all in tabs" to open up like 20 sites in the morning. This used to take 10-20 seconds for all of them to load. Now it'll take 5 minutes or so.

Come on sluggy, megatokyo, schlockmercenary, and dominic-deegan should all load instantly! Normally those sites load as fast as google unless their site is down for some reason. Sites on Comic Genesis usually load very quickly as well unless they have site issues. (That'd take half my web comics down right there.)

Re:Why bother? (2, Informative)

thePowerOfGrayskull (905905) | more than 6 years ago | (#24000027)

That'll mess up corporate vpn users with clout, and https connections to banks etc.

Probably not. In normal circumstances, these connections don't use anywhere near the same raw data transfer volume as one bittorrent with a few dozen connections.

Correction... (-1, Troll)

mi (197448) | more than 6 years ago | (#23998683)

not a solution to protect net neutrality

Not a solution to defeat ISPs' attempts to control what's going through their network.

Subtle changes in wording change the bias dramatically, don't they?

Re:Correction... (5, Insightful)

KDR_11k (778916) | more than 6 years ago | (#23998719)

Not really; they're providers of the medium and have no business limiting or snooping the data that goes through their network, especially since they were often granted a monopoly over building infrastructure in their area.

Re:Correction... (1)

hitmark (640295) | more than 6 years ago | (#23999601)

The thing is that ISPs are mutating. They are no longer simple "road" providers/maintainers. Now they sell you the "fuel" and the "car" as well.

All in all, they want the good old vertical silo of providing the "whole widget".

Another Correction... (5, Insightful)

JustinOpinion (1246824) | more than 6 years ago | (#23998791)

How about:

Not a solution to defeat ISPs attempts to control what's going through the government-funded, monopoly-protected, public-land-using network.

You're right, facts do change the interpretation.

Re:Correction... (4, Insightful)

DrJokepu (918326) | more than 6 years ago | (#23998813)

Not a solution to defeat ISPs' attempts to control what's going through their network.

You do understand that ISPs are not exactly charity organizations, don't you? I am paying for their service and I expect it to work as it was advertised in their offer.

Re:Correction... (1)

Hawkeye05 (1056362) | more than 6 years ago | (#23999087)

Not a solution to defeat ISPs' attempts to control what's going through their network.

You do understand that ISPs are not exactly charity organizations, don't you? I am paying for their service and I expect it to work as it was advertised in their offer.

Do you understand that they believe you owe them and that they're just being nice guys for "improving" your online experience. And in the process making it easier for grandparents to download pictures of their ugly grandchildren.

Re:Correction... (5, Insightful)

Eivind (15695) | more than 6 years ago | (#23998965)

If these policies were openly documented, and there were truly free competition, I'd agree with you; let the market sort it out.

That typically isn't the case. First, these policies are rarely documented at all, and if they are, it's in language so vague as to make it useless for purposes of comparing one ISP to another. ("We may, at our discretion, at various times, perform adjustments to packet-priority")

Free competition is also the exception rather than the rule. A huge fraction of end-user lines were built by telcos acting as a government-granted monopoly, and then they somehow got to keep a large piece of this after the monopolies are no longer in principle monopolies. Which means in many areas they are still in -practice- pretty close to monopolies.

And even where they're not, competition is low and that will remain so. Few people have more than 2, perhaps 3 physical cables coming in that are suitable for broadband. (many have a twisted-pair copper that used to be for POTS and a coax that used to be for analogue-cable, and that's it, extra bonus if the old monopolist owns the tv-cable in your area!)

This ain't gonna change. A single modern cable has more than enough capacity for all needs, so it's not economically sensible to have a large number of competitive cable networks.

Really, last-mile networks should be owned and run by the neighbourhoods, or failing that at least be considered infrastructure; really, today a working broadband connection is basic infrastructure like electric power, water, sewage and roads. (It's not -equally- crucial as those, but it's crucial nevertheless; I doubt a house with -no- telecom connection of any sort would find many buyers.)

Wireless changes the picture a bit, for low-bandwidth applications. But only a bit. The problem is that the RF spectrum is fundamentally shared, thus it will not be possible to deliver the same speeds and reliability as is possible on physical cable. (A single single-mode fibre easily supports speeds up to at least a Tbps or thereabouts, which is more than most people need for the next few decades.)

Re:Correction... (4, Insightful)

Dr_Barnowl (709838) | more than 6 years ago | (#23998971)

Not a solution to defeat ISPs attempts to control, what's going through networks they constructed with large sums of both public and private money they mortgaged against providing a service to their customers, not fighting against them.

Yup, sure do.

Re:Correction... (3, Insightful)

aussie_a (778472) | more than 6 years ago | (#23999443)

Funny, when I began using their service they never told me they would throttle certain protocols. They said they'd give me access to the internet at certain speeds to the best of their ability. Throttling packets seemed to be significantly below their best.

Er, no. (5, Informative)

Cave Dweller (470644) | more than 6 years ago | (#23998687)

First, encrypted traffic was never safe from throttling anyway. Second, FTA:

"So it seems the use of a tool like this would be limited to an extremely controlled environment where users are limited to a white-list set of network protocols (so that they can't use a different tunneling mechanism, stunnel for example) and only allowed to ssh to servers under the control of the censoring party. In which case you would wonder why the admin wouldn't just set the ssh server's AllowTcpForwarding option to false."

Kinda useless.

Wait for the other shoe to drop (1)

cryptoguy (876410) | more than 6 years ago | (#23999775)

What they have accomplished under a single authentication protocol will probably be extended to the others. When this technique is fully developed, it has potential for other uses besides throttling. For example, a company could use it at the perimeter firewall to prevent use of ssh tunnels to bypass a web proxy.

Non-timing critical? (3, Interesting)

jaminJay (1198469) | more than 6 years ago | (#23998703)

If the application is not time-critical, introducing random jitter would go some way to subverting this, no?

Re:Non-timing critical? (5, Interesting)

omnirealm (244599) | more than 6 years ago | (#23999609)

> introducing random jitter would go some way to subverting this, no?

Exactly. I took a few minutes to glance over the paper. Their feature extraction stage consists of two predictable attributes: packet size and time between packets. Modifying the traffic sent at the application layer (SSH itself does not even need to be touched) can trivially ambiguate the extracted features so as to throw off the classification attempt. This is simply a road bump; as soon as it gets into use, application-layer proxies will pop up to circumvent it.

They also seemed to have invented their own home-brew statistical analysis. I was disappointed that they did not go into detail as to why they largely ignored the entire field of Machine Learning (NaiveBayes? Perceptron? kNN? Why not try using these?) when coming up with their classification model.

Re:Non-timing critical? (1)

Piranhaa (672441) | more than 6 years ago | (#23999791)

What about if someone's running an encrypted VOIP server?

Why would they do it? (5, Insightful)

cephah (1244770) | more than 6 years ago | (#23998711)

Can anyone explain to me why any ISP would use this technique? If they start looking at packet sizes to determine different kinds of encrypted traffic then the packets will just be padded, causing their network to be further overloaded...

Re:Why would they do it? (1)

Sigma 7 (266129) | more than 6 years ago | (#23998995)

If they start looking at packet sizes to determine different kinds of encrypted traffic then the packets will just be padded, causing their network to be further overloaded...

Packets involved in a P2P transfer or any other form of data stream are designed to maximize throughput - they send a full packet whenever possible. Padding or adding extra data is in direct contravention to this because it sends useless data that will be discarded. You can identify them because the local to remote packet size is typically large and continuous, which is not normal for an SSH connection.

Re:Why would they do it? (1)

Shakrai (717556) | more than 6 years ago | (#23999411)

You can identify them because the local to remote packet size is typically large and continuous, which is not normal for an SSH connection

I take it you've never used scp or sftp before?

Would have happened anyway. (4, Insightful)

zwei2stein (782480) | more than 6 years ago | (#23998727)

Even without this analysis it was kinda obvious that throttle-happy ISPs would simply throttle all encrypted data once encrypting became mainstream in P2P.

Re:Would have happened anyway. (4, Insightful)

CharlieHedlin (102121) | more than 6 years ago | (#23998867)

What about VPN tunnels? People working from home are a core customer group they don't want to piss off.

Re:Would have happened anyway. (5, Insightful)

thegnu (557446) | more than 6 years ago | (#23998913)

Those people will be more obliged to pay the ridiculously jacked up business internet prices, then, I suppose.

Re:Would have happened anyway. (1)

Shadow7789 (1000101) | more than 6 years ago | (#23999083)

Technically, if you are in that situation, you already have to get a business package. But then again, if you are in that situation, chances are you can get your employer to pay for your connection or at least help pay for it.

Re:Would have happened anyway. (2, Insightful)

thegnu (557446) | more than 6 years ago | (#23999293)

I'm just saying that restricting the majority of encrypted traffic will have no effect on the people who actually need the traffic for their job. The ISP will probably consider it a perk that they've manufactured a new "feature" for their business internet package: We don't renege on our contract.

Re:Would have happened anyway. (3, Interesting)

Manitcor (218753) | more than 6 years ago | (#23999325)

1. Not always true, depends on your provider. Having had various consumer and business packages in the past, most ISPs only push you to a business package if you:

a. Want a static IP
b. Want to run any kind of server

2. In the age of 20mbps consumer connections there is no need for someone who just needs legitimate heavier usage of the connection to not use it. I transfer 100's of gigs a month to and from datacenters around the country for my job. Granted I can get my company to help subsidize that but if I found out my ISP was throttling me I would more than likely take my business elsewhere. I would rather have my company pay for an expensive business package with another provider than give more money to a provider that actively wants to screw me over.

Contractors have an even bigger problem as they don't get their connections subsidized (trust me the tax refund isn't much).

So far my ISP has been pretty good. I called about bandwidth issues once or twice and when asked if I was downloading movies I explained to them what I do. When the rep realizes you're just another guy trying to do his job you get all sorts of help.

Re:Would have happened anyway. (4, Interesting)

Andy Dodd (701) | more than 6 years ago | (#23999121)

Actually, encrypted or not, the way the Sandvine (I think that was the name?) system used by Comcast worked was it just did a traffic analysis - If your upload connection was more than X% saturated for N seconds, the Sandvine appliance would start spoofed RST injection to kill off connections. The only way around this would be a full blown VPN that used an encrypted transport layer. (Encrypted BitTorrent, SSH, and nearly all encrypted protocols except the various VPN systems are an encrypted application stream over an unencrypted TCP session. Even some VPNs use an unencrypted TCP session to tunnel through, making them vulnerable to RST injection.)

Re:Would have happened anyway. (1)

hesaigo999ca (786966) | more than 6 years ago | (#23999477)

I would have to say use unencrypted data that has steganographically hidden encrypted data in its stream.... Using steganography, you can embed encrypted data into a picture or file which itself is not encrypted, thereby giving the false sense that the data is not encrypted. On the other end you would use a decryptor, and also have the slight advantage that most people looking at the picture would only see a dog or cat, and not know there is info hidden inside the image.

Re:Would have happened anyway. (0)

Anonymous Coward | more than 6 years ago | (#23999583)

Even without this analysis it was kinda obvious that throttle-happy ISPs would simply throttle all data once encrypting became mainstream in P2P.

There, fixed that for you.

Analyzing packet sizes? (0, Redundant)

Anonymous Coward | more than 6 years ago | (#23998729)

Well, what about if they padded the packets with a random amount of data?

Look, this is a dead end. (5, Insightful)

Anonymous Coward | more than 6 years ago | (#23998731)

You can identify the type of traffic, because we're not trying very hard to hide it. If you keep going down this road, we'll just send all the time, the same constant packet size, the same rate, regardless of actually required service. It's the same to us, really, because we pay a flat price. It is not the same to you, though, because when we have to make every traffic look the same, we'll use much more of your precious bandwidth, so cut out the crap.

Re:Look, this is a dead end. (2, Insightful)

Anonymous Coward | more than 6 years ago | (#23999025)

Right. It's not like they would just throttle your entire connection if you did that.

Re:Look, this is a dead end. (1)

shird (566377) | more than 6 years ago | (#23999239)

Why would anyone do this if such traffic is detected as p2p traffic and therefore throttled? You are depending on everyone doing this, then complaining about their throttled legitimate traffic - the solution is stop sending legitimate traffic like this, not get the ISP to lift the throttle.

"Dear ISP, I am deliberately making my legitimate traffic look like p2p traffic, and it's getting throttled. I don't want to change my legitimate traffic back to looking like legitimate traffic because I also have p2p traffic and I'm hoping you will lift the throttling due to this complaint".

Basically, your proposal for a workaround is backwards.

Re:Look, this is a dead end. (1)

malkavian (9512) | more than 6 years ago | (#23999557)

Methinks the point is that the originally chosen packet size would relate to definite non-P2P packet sizes and general metrics (not making everything look like P2P, which would, as you say, be self defeating). When all P2P traffic becomes obfuscated to the point that it looks to any statistical analysis exactly the same as all the non-P2P traffic, then throttling of that stream becomes rather more difficult, as you have to wave your fingers in the air and guess what you're throttling, which will likely upset a large number of your non-P2P-using customers who will complain that "the internet is running slowly", and likely have it explained by a friend of a friend somewhere along the way that the slowness is a deliberate move by the provider. At which point a large section of the customer base becomes actively hostile to the provider, which is generally considered "Bad PR". In corporate viewpoints, this is a Bad Thing.

The problem with making encrypted P2P traffic look like encrypted other traffic is that it increases the amount of traffic you need to send (padding packets, more frequent transmission, and in general introducing "noise" into the stream to break the fingerprint of a P2P signature in network analysis). To an individual user, this doesn't make too much difference (perhaps a little slower on the download, perhaps not). To an ISP that has to deal with all new versions of P2P apps having this introduced, and subsequently increasing the used bandwidth, the effect is significant in cost. Whatever metric they use will eventually be obfuscated. And if it catches on, it'll eventually be introduced into the clients. And once it comes as the default option, so that the "average joe" doesn't have to worry about knowing how to flick the switches to get the proper download/upload speeds, they'll end up losing that bandwidth, whether or not they stop the throttling (as it'll no longer have any effect). Net result, wasted ISP bandwidth (huge inefficiencies) for the long term because of an attempt to gain selective benefit in the short term. Typical corporate thinking these days. How do we get the fast buck today, and who cares that this may break the company long term.

Re:Look, this is a dead end. (0)

Anonymous Coward | more than 6 years ago | (#23999291)

And they'll just throttle everything. Game over. There's your dead end.

Re:Look, this is a dead end. (1)

MrNougat (927651) | more than 6 years ago | (#23999415)

And they'll just throttle everything. Game over. There's your dead end.

Which is frankly what they should be doing to begin with. They've oversaturated their equipment, but they're still selling 'blazing fast speed.' If their network can't support the speeds they're selling, they should be selling and enforcing lower speeds.

Re:Look, this is a dead end. (4, Interesting)

dyfet (154716) | more than 6 years ago | (#23999355)

Actually, strange you should suggest this, I was working on a small and rather generic package to tunnel data between hosts in this very way, constant rate/constant packet size tunneling, with empty data filled with random noise, and with non-packet-aligned encrypted data overlayed when there is data to actually send. I was going to call it tstunnel. Yes, it is somewhat of an extreme response to an extreme problem.
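Added example, not code from the article, the paper or any commenter: a toy version of the size/timing classifier the summary describes, trained and tested on constructed traces, then run again after the constant-rate, fixed-size shaping this post describes, to show why shaping removes the signal and what it costs in padding. The two traffic classes, the byte sizes, gap ranges, cell size and clock interval are all assumptions.

```python
import math
import random
import statistics
from typing import Dict, List, Tuple

# A trace is a list of (inter-packet gap in seconds, payload bytes): the two
# metadata features the summary says the classifier works from. All traces
# here are constructed, not captured.
Trace = List[Tuple[float, int]]
Model = Dict[str, Tuple[float, float]]


def interactive_trace(n: int, rng: random.Random) -> Trace:
    """Constructed stand-in for an interactive SSH shell: tiny packets, human-paced gaps."""
    return [(rng.uniform(0.05, 0.6), rng.choice([36, 52, 68])) for _ in range(n)]


def bulk_trace(n: int, rng: random.Random) -> Trace:
    """Constructed stand-in for a bulk transfer through the tunnel: full segments, back to back."""
    return [(rng.uniform(0.0005, 0.003), rng.choice([1448, 1460])) for _ in range(n)]


def features(trace: Trace) -> Tuple[float, float]:
    """Log of mean payload size and log of mean gap (logs put both on comparable scales)."""
    sizes = [size for _, size in trace]
    gaps = [gap for gap, _ in trace]
    return math.log(statistics.mean(sizes)), math.log(statistics.mean(gaps))


def train(samples: Dict[str, List[Trace]]) -> Model:
    """Nearest-centroid model: one mean feature vector per labelled class."""
    model: Model = {}
    for label, traces in samples.items():
        vectors = [features(t) for t in traces]
        model[label] = (statistics.mean([v[0] for v in vectors]),
                        statistics.mean([v[1] for v in vectors]))
    return model


def classify(trace: Trace, model: Model) -> str:
    """Label the trace with the nearest centroid (Euclidean distance in feature space)."""
    fx, fy = features(trace)
    return min(model, key=lambda lbl: (model[lbl][0] - fx) ** 2 + (model[lbl][1] - fy) ** 2)


def constant_rate_shape(trace: Trace, cell_bytes: int = 1460, interval: float = 0.01) -> Trace:
    """Re-emit the trace as fixed-size cells on a fixed clock, the idea behind tstunnel:
    real data fills cells, everything else is padding, and the clock keeps running for
    the whole session, so the wire pattern no longer depends on the payload.
    The cell count covers both the original duration and the original byte count."""
    total_bytes = sum(size for _, size in trace)
    duration = sum(gap for gap, _ in trace)
    slots = max(math.ceil(total_bytes / cell_bytes), math.ceil(duration / interval), 1)
    return [(interval, cell_bytes)] * slots


def demo(seed: int = 0) -> dict:
    """Train on constructed traces, then classify fresh ones raw and after shaping."""
    rng = random.Random(seed)
    model = train({
        "interactive": [interactive_trace(200, rng) for _ in range(5)],
        "bulk": [bulk_trace(200, rng) for _ in range(5)],
    })
    probe_i, probe_b = interactive_trace(200, rng), bulk_trace(200, rng)
    shaped_i, shaped_b = constant_rate_shape(probe_i), constant_rate_shape(probe_b)
    raw_bytes = sum(s for _, s in probe_i) + sum(s for _, s in probe_b)
    shaped_bytes = sum(s for _, s in shaped_i) + sum(s for _, s in shaped_b)
    return {
        "raw": (classify(probe_i, model), classify(probe_b, model)),
        "shaped": (classify(shaped_i, model), classify(shaped_b, model)),
        # shaping leaves nothing in size or timing to tell the two apart
        "identical_features": features(shaped_i) == features(shaped_b),
        # bytes on the wire vs. payload bytes: the bandwidth cost the thread keeps raising
        "padding_ratio": shaped_bytes / raw_bytes,
    }


if __name__ == "__main__":
    print(demo())
```

The raw probes are labelled correctly, while both shaped probes get the same label and identical feature vectors; the padding ratio shows why an idle interactive session shaped this way costs far more bandwidth than its payload.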

Re:Look, this is a dead end. (1)

aussie_a (778472) | more than 6 years ago | (#23999475)

The next step will be for the monopolies to simply be to inform customers they're no longer desired and to stop offering them the service completely. Now they won't do it to everyone, they'll do it to a certain percentage (probably between 1 and 5 percent) and advertise this fact well known through the media.

That should have a chilling effect on p2p users.

Re:Look, this is a dead end. (0)

Anonymous Coward | more than 6 years ago | (#23999751)

The major issue is the ISP believing that the bandwidth is theirs, it isn't. As long as I am paying for it, that bandwidth is mine. If they don't want me using it, they can kindly refund my money and tell me they don't want me as a customer.

What they are doing is analogous to a cable company saying "We're sorry but you watch too much television so we are going to reduce the number of channels you have available."

Re:Look, this is a dead end. (4, Funny)

Anonymous Brave Guy (457657) | more than 6 years ago | (#23999963)

Dear customer,

Thank you for your comments. We regret that because it makes no business sense to continue providing an unlimited bandwidth service, we will be discontinuing this offering from next month. Current subscribers may transfer to our metered service with no disruption. This service is commercially viable and we expect it to remain so, and most users will find the metered service significantly cheaper as they will no longer be subsidising a small minority of heavy users.

At your current usage rates, we estimate that your own monthly bill on the metered service would be approximately:

$1,764.38

Please note that this figure is an estimate based on your current usage level, and may go down or up depending on your future usage patterns.

Best wishes,
Your ISP

Never! (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23998735)

Will never be able to decrypt my first p0st!

Re:Never! (2, Funny)

JustOK (667959) | more than 6 years ago | (#23998931)

no, but they can add some latency

second (2, Funny)

Anonymous Coward | more than 6 years ago | (#23998741)

I would have been first but my ISP throttled my SSH tunnel

Ongoing (1)

Tribbin (565963) | more than 6 years ago | (#23998743)

Next step? Encrypted packages that are arbitrarily sized to be like any other encrypted package.

This will backfire (5, Insightful)

DarkOx (621550) | more than 6 years ago | (#23998751)

All it's going to do is encourage P2P developers to try (and they will likely succeed) to make P2P traffic look more like other traffic. Want your BitTorrent to look more like encrypted telnet? Easy: send tons of tiny packets and take a short break every few seconds. All this is going to do is increase the packet overhead the ISPs see. That same overhead will also hurt P2P end users, but unless it's more than the throttle does, they will do it anyway. Its a loose loose situation really. The ISPs should realize they gain nothing going down this path.

Re:This will backfire (5, Funny)

Anonymous Coward | more than 6 years ago | (#23998819)

Its a loose loose situation really

That sounds very loose. How loose can you get?

Re:This will backfire (0)

Anonymous Coward | more than 6 years ago | (#23998847)

Loose is relative. It can always get looser.

Re:This will backfire (4, Funny)

thegnu (557446) | more than 6 years ago | (#23998923)

Its a loose loose situation really

That sounds very loose. How loose can you get?

i dunno. ask goatse.

Re:This will backfire (1)

weetabeex (1065032) | more than 6 years ago | (#23999061)

i dunno. ask goatse.

I was enjoying my lunch...

Re:This will backfire (0)

Anonymous Coward | more than 6 years ago | (#23999457)

"Its a loose loose situation really"

No. Sounds more like whine whine.

Re:This will backfire (4, Insightful)

Brainix (748988) | more than 6 years ago | (#23998837)

The ISPs will continue down this path until it is no longer economically feasible to do so. And that day *is* coming. One day, it'll be more expensive to play these cat-and-mouse games than to just give away cheap bandwidth, disk space, etc.

Re:This will backfire (0)

Anonymous Coward | more than 6 years ago | (#23999593)

I disagree. They'll just charge their customers more and more. They'll always make a profit in the end.

Re:This will backfire (0)

Anonymous Coward | more than 6 years ago | (#23998919)

Its a loose loose situation really.

If it's loose, you had better tighten it up then!

Re:This will backfire (0)

Anonymous Coward | more than 6 years ago | (#23998925)

Tor already sends data embedded in nop, rst, acks and so on.
Enciphering data streams has always protected the data, not the metadata, so shaping could take place by analyzing sub-channel information such as timing, payload sizes and so on. Cloaking these sub-channels inside a nonstandard stream will become a nightmare to monitor and shape. Cloaking on the Internet is already ages ahead of these shaping techniques; only at the current Internet filtering state are those inconvenient.

Re:This will backfire (1)

BForrester (946915) | more than 6 years ago | (#23999133)

Agreed. There have already been some concerted efforts to make P2P traffic mimic VOIP, for instance. The only reason that tactics like this aren't already in place is that existing (simpler) methods are still generally effective enough.

Re:This will backfire (0)

Anonymous Coward | more than 6 years ago | (#23999229)

Exactly... Or why not make encrypted files look like normal text? All this does is cause technology to be built to make traffic flow increase as a countermeasure

Or they can just be lazy and save money (2, Insightful)

Zerth (26112) | more than 6 years ago | (#23998755)

And throttle all encrypted traffic over whatever an IP phone or VPN connection would use on assumption of file-sharing. They don't give a rat's ass what you are doing, really, they just want a reason to throttle you and this company just makes money by giving them one.

Re:Or they can just be lazy and save money (1)

John Hasler (414242) | more than 6 years ago | (#23998797)

> ...this company...

What company?

Re:Or they can just be lazy and save money (0)

Anonymous Coward | more than 6 years ago | (#23998869)

>> ...this company...
>
> What Company?

Any company!

what about ssl vpn? (1)

fsiefken (912606) | more than 6 years ago | (#23998765)

Would the same problem exist with ssl vpn's like openvpn?

VPN users can upgrade (1)

tepples (727027) | more than 6 years ago | (#23998985)

Customers who need to make encrypted connections to a business network can upgrade from a one-nine home SLA to a two-nines business SLA.

Really?! (0, Flamebait)

Anonymous Coward | more than 6 years ago | (#23998789)

And here I thought this was how we did throttling before we did start examining the content.

But as usual the summary is probably blatantly wrong and on principle I will not RTFA, so mod me as flamebait already.

Next move... (3, Insightful)

PhotoGuy (189467) | more than 6 years ago | (#23998799)

Well, the next move would simply be some tool, or modification to BitTorrent, that makes the traffic patterns look like that of other protocols. While I'm sure it would have some impact upon performance, surely torrent packets can be made to look pretty damn similar to a bunch of HTTPS images being loaded on a web page (or something along those lines). Just like DRM, each move like this isn't solving any problem, just slowing things down, while a counter-move is made. (Or, another provider is chosen who doesn't throttle traffic, competition permitting.)

They can already throttle encrypted traffic. (5, Informative)

Digital_Quartz (75366) | more than 6 years ago | (#23998807)

Could be worse. Rogers and Bell, here in Canada, just throttle ALL encrypted traffic.

Re:They can already throttle encrypted traffic. (5, Interesting)

Fryth (468689) | more than 6 years ago | (#23998899)

You'd think that's how they're doing it, but it doesn't seem to be the case. Rogers customer here, and my SFTP (FTP over SSH) connections go at full-tilt, while BitTorrent has slowed down to a crawl (0-1 KB/sec) on my connection in the past (yes, using the latest uTorrent/Azureus Vuze client, with standard BT MSE/PE encryption enabled).

I don't know what's going on, but I suspect they've already figured out something that these Italian guys are researching now, and they've been able to identify BitTorrent from other encrypted traffic.

Re:They can already throttle encrypted traffic. (4, Insightful)

Klaus_1250 (987230) | more than 6 years ago | (#23999319)

There is another weakness in BT which allows ISPs to throttle traffic: client to tracker communications. Unless your tracker uses SSL, all peers inside a swarm are sent over in the clear. So your ISP knows which IPs are likely to send and receive BT traffic. They don't have to look at the traffic, they just use the same information the tracker provided to you. IP in BT swarm? Throttle.

Re:They can already throttle encrypted traffic. (2, Interesting)

Fryth (468689) | more than 6 years ago | (#23999859)

That's interesting, that might be how they're doing it. I heard from some folk who claim success by encrypting the tracker communications only, by sending them over a VPN [secureix.com] .

Re:They can already throttle encrypted traffic. (1)

nurb432 (527695) | more than 6 years ago | (#23999079)

If they throttle all traffic equally and advertise as such when you sign up, that would be cool with me.

Re:They can already throttle encrypted traffic. (1)

Firehed (942385) | more than 6 years ago | (#23999481)

You mean when you don't sign up, right?

Meh... (1)

BlueStrat (756137) | more than 6 years ago | (#23998857)

So the ISPs now have another way to detect types of communication for throttling that they shouldn't normally have a problem with if they had actually kept to their agreements with the US Gov./the people to use the massive tax breaks they were given to build out their infrastructure so that..sort of like that whole deal was intended to do...we could've avoided this kind of problem where throttling would be necessary or desirable to begin with.

What next? You sign up for internet service and pay your money and they hand you a nice glossy screenshot of what your browser would be seeing if your computer was actually connected, because, you know, if they actually had to *transmit* packets, then the tubes would be congested and the pirates/terrists/hackers/crackers would win? What good is a connection to the internet if there's no "inter" in your net connection?

Cheers!

Strat

Italian researchers have also found a way to... (4, Funny)

assemblerex (1275164) | more than 6 years ago | (#23998879)

detect if one of the mario brothers is inside the packet, 89.9% of the time

Re: Italian researchers have also found a way to.. (4, Funny)

Anonymous Coward | more than 6 years ago | (#23999147)

Yeah but that's a cheat owing to the tubes. See, they route all traffic through a huge green pipe and listen for the "Gew gew gew" noise that signals the presence of a Mario Brother.
 
Why would an ISP do Deep Mario Brother Inspection, I hear you ask? Well if you remember, those depths were filled with coins! There's no depth an ISP won't go in order to get those.

Re: Italian researchers have also found a way to.. (0)

Anonymous Coward | more than 6 years ago | (#24000197)

...and listen for the "Gew gew gew" noise that signals the presence of a Mario Brother

That's odd; the Mario Bros. don't look Gewish.

Re: Italian researchers have also found a way to.. (2, Informative)

D'Arque Bishop (84624) | more than 6 years ago | (#23999869)

Mario Brothers would never be in the packets, as they travel through pipes, not tubes. :-)

Why bother decrypting? (1)

gatkinso (15975) | more than 6 years ago | (#23998937)

Just throttle ALL traffic from IP addresses that you consider "excessive."

A modest proposal (1)

symbolset (646467) | more than 6 years ago | (#23999857)

Here's a novel idea: if you intend to sell metered service, sell metered service. Wow. That's just blowing me away with its simplicity. How could they have not thought of that?

Call it "Bandwidth Plus" or something.

Better yet, call your local politician and tell him it would be really cool if power districts could sell communications services, because, you know, they own the rights of way and the incumbent communications providers aren't interested in building out the post roads of the 21st century.

failzorsl!? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23998951)

Never was safe from throttling (0)

nurb432 (527695) | more than 6 years ago | (#23998955)

It's fairly easy to ID standard encrypted traffic and throttle or just outright block. This is something I've been talking about all along that people claimed wasn't possible. Once they ban non government 'blessed' encryption, it will just be blocked.

But at least in the meantime, while they can do packet shaping, they still can't snoop on content.

Once that happens we have to come up with practical 'transparent' encryption techniques.

It's always nice to be vindicated, again. Go me!

DNS Lookup? (1)

beaverbrother (586749) | more than 6 years ago | (#23998959)

A reverse DNS lookup will tell you a lot about whether an IP you are sending to is a home user or a corporation. I wouldn't be surprised if they use this also (though Net Neutrality legislation might stop it).

Make a restriction, people will beat it (1)

192939495969798999 (58312) | more than 6 years ago | (#23998979)

Once word gets out that there's some restriction on a service people are used to, they will always find a way to beat it. Last century they tried to ban alcohol and that worked about as well as throttling packets will work here. Inevitably they will have to stop because they'll just force people into any goofy method that circumvents their restrictions.

Re:Make a restriction, people will beat it (0)

Anonymous Coward | more than 6 years ago | (#23999183)

Except there is a major difference: during Prohibition it wouldn't have been feasible to inspect each and every car on each and every road. Here that is exactly the case. I hate to say it, but in technology there are solutions, and typically those solutions favor those who pay for them. Sometimes protection schemes do work; take a look at Blu-ray for example. For all the asinine problems its protection causes you have to at least admit that it isn't cracked after how many years of people attacking it.

It's only worth it when we try (1)

nx6310 (1150553) | more than 6 years ago | (#23999049)

where there's a will, there's a way.

The security hole will soon get fixed (4, Interesting)

petes_PoV (912422) | more than 6 years ago | (#23999209)

> have found a way to categorize the type of traffic that is hidden inside an encrypted SSH session ... They are achieving this by analyzing packet sizes and inter-packet intervals instead of looking at the content itself

And in the next (or two) release of SSH implementations, this weakness will, no doubt, be fixed.

Professional cryptographers have known for decades that you don't just switch on your transmitter when you want to send a secret message - no matter how well encrypted it is. The mere fact of traffic is frequently a sizeable tell-tale itself. Instead, you keep your transmitter on 24*7 sending encrypted garbage, with the ability to interleave genuine messages when the need arises. I'm sure that in a short time, the SSH people will remove the ability to profile the transmission to glean anything usable from it.
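The two ideas in this post, that packet sizes and inter-packet gaps of an encrypted stream reveal the application even when the payload does not, and that fixed-size cells sent on a constant clock with dummy traffic in the gaps remove that signal, can be shown on synthetic data. This is an added example, not code from the thread, the Italian paper or any SSH implementation; the two traffic "profiles" (an interactive shell with small, human-paced packets and a bulk transfer with MTU-sized, back-to-back packets), the feature set and the nearest-profile classifier are all constructed for the example.

```python
"""Traffic-shape classification of encrypted flows, and the padding + constant-rate
countermeasure. Added example on constructed synthetic traces."""
import random
import statistics


def make_trace(n, size_choices, mean_gap, rng):
    """Constructed flow: list of (packet_size_bytes, inter_packet_gap_seconds)."""
    return [(rng.choice(size_choices), rng.expovariate(1.0 / mean_gap)) for _ in range(n)]


def features(trace):
    """Shape features an observer can compute without decrypting anything."""
    sizes = [s for s, _ in trace]
    gaps = [g for _, g in trace]
    return {
        "mean_size": statistics.mean(sizes),
        "size_stdev": statistics.pstdev(sizes),
        "mean_gap": statistics.mean(gaps),
    }


def classify(trace, profiles):
    """Nearest-profile classifier on relative feature distance (assumed, simplistic)."""
    f = features(trace)
    best, best_d = None, float("inf")
    for name, p in profiles.items():
        d = sum(((f[k] - p[k]) / (abs(p[k]) + 1e-9)) ** 2 for k in f)
        if d < best_d:
            best, best_d = name, d
    return best


def pad_and_clock(trace, cell=1500, tick=0.01):
    """Countermeasure: every packet is padded to `cell` bytes and sent on a fixed
    `tick` clock; idle time is filled with dummy cells, so neither size nor timing
    carries application information any more. Costs bandwidth, as the post says."""
    out = []
    for size, gap in trace:
        assert size <= cell, "a real implementation would fragment oversize packets"
        idle_cells = int(gap // tick)          # dummy cells covering the idle gap
        out.extend([(cell, tick)] * idle_cells)
        out.append((cell, tick))               # the real packet, padded
    return out


def demo(seed=1):
    """Returns (label assigned to a fresh bulk flow, whether padded shell and
    padded bulk flows are indistinguishable by these features)."""
    rng = random.Random(seed)
    shell = make_trace(300, [48, 64, 96], 0.25, rng)      # interactive: small, slow
    bulk = make_trace(300, [1448, 1500], 0.001, rng)      # bulk: MTU-sized, fast
    profiles = {"interactive": features(shell), "bulk": features(bulk)}
    unknown = make_trace(100, [1448, 1500], 0.001, rng)   # a new bulk flow
    before = classify(unknown, profiles)
    after_same = features(pad_and_clock(shell)) == features(pad_and_clock(bulk))
    return before, after_same


if __name__ == "__main__":
    label, same = demo()
    print("unpadded flow classified as:", label)
    print("padded shell and bulk flows indistinguishable:", same)
```

The classifier is deliberately crude; the point is that even three coarse statistics separate the two constructed profiles, while after padding both flows collapse to the same constant feature vector. The price is visible in the output of `pad_and_clock`: every idle quarter-second in the shell trace becomes 25 full-size dummy cells.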

Re:The security hole will soon get fixed (3, Interesting)

Migraineman (632203) | more than 6 years ago | (#23999929)

Exactly. If you look at the FIPS 140 documents [wikipedia.org] , you'll see layers of data- and physical-security that need to be implemented. Currently, the SSH folks are only considering the raw data encryption requirement at the endpoints. The ISPs' analysis techniques will force the SSH folks to consider the end-to-end link as a single unit, and they'll implement more structures to deny the ISPs any visibility. I fully expect such a move to cost the ISPs more bandwidth. "All these channels look like random data, all the time." Yep.

Comparison to copy protection schemes (3, Insightful)

intx13 (808988) | more than 6 years ago | (#23999241)

Attempts to analyze (and then throttle) Internet traffic reminds me of copy protection schemes. The schemes get more and more complicated (and costly) and at every turn the user gets more sophisticated in his or her attempts to get around the protection. ISPs would be wise to look at the music, movie, and in particular video game industries and realize that there are many, many more users who wish to use P2P software than there are ISP engineers who wish to throttle said users, and that it will always be a losing battle.

Personally, I think the granularity of the ISP payment schemes needs to be increased. We pay for cell phone minutes in blocks of 100 or so (or by the minute, depending on your plan); we pay for electricity by the kWh, we pay for water by the gallon (or liter), and so on... why not pay for bandwidth by the Mb? In a perfect world (yeah, well, one can dream!) this would mean reduced costs for the average home Internet user, as most people aren't using anywhere close to what is available, and maybe slightly increased costs for people like me. But then at the same time throttling is no longer an issue. Of course in reality this is unlikely to happen any time soon; why charge responsible, realistic rates when you could charge a flat fee and then just block any traffic you don't like with increasingly expensive technology (and pass the cost on to your monthly subscribers, of course)?

ISPs, learn from the "War on Copyright Violation" - you won't win this battle; give it up and fix the underlying problem.

An even easier throttling rule (1)

MarkH (8415) | more than 6 years ago | (#23999289)

Isn't it about time that ISPs were upfront and simply charged users for what they use? This would encourage ISPs to grow bandwidth to meet demands (as it adds revenue) and for users to decide how much content they wish to pay for.

net neutrality (2, Interesting)

jaymunro (906707) | more than 6 years ago | (#23999345)

Call me a troll, and I don't usually comment, however I don't think this is what "net neutrality" is about. If you want to be able to download anything and interrupt other people who want to surf freely, that is one thing, but if you just want to be able to surf freely without restriction being imposed by ISPs and such, that is a totally different kettle of fish.

Re:net neutrality (1)

intx13 (808988) | more than 6 years ago | (#23999679)

I don't think this is what "net neutrality" is about. If you want to be able to download anything and interrupt other people who want to surf freely, that is one thing, but if you just want to be able to surf freely without restriction being imposed by ISPs and such, that is a totally different kettle of fish.

You realize, of course, that "surfing" is shorthand for "downloading and then rendering as a web page"? The Web is just one system of protocols and file formats that is available on the Internet - who's to say it should be the only one?

I think it is the exact same kettle of fish. I want to access server A by protocol 1. You wish to access server B by protocol 2. Should mine be throttled so yours can go faster? Should it depend on the servers we want to access ("tiered" Internet)? Should it depend on the protocols we're using (packet-inspection, throttling)? Should it depend on how much we pay (current subscription-based service)? This question is what we call "net neutrality" - how do we get the most people online in a way that is amenable to everything those people want to do - being as "fair" as possible.

Italian Researchers? (1)

ProdigySim (817093) | more than 6 years ago | (#23999371)

I can find a few projects a little closer to home that can do the exact same thing:

One:
http://www.ipp2p.org/ [ipp2p.org]
Two:
http://l7-filter.sourceforge.net/ [sourceforge.net]

I use full encryption on my bittorrent sessions, and it hasn't stopped my router from correctly categorizing every single connection.

Like it matters (1)

phorm (591458) | more than 6 years ago | (#23999399)

Not a Bell customer, but stuck using the Bell network (because they have the DSL last-mile monopoly here)...

Bell doesn't even seem to bother inspecting my packets. As soon as I open up an SSH connection to my box (during peak hours, during off-time when they're known to relax throttling it's fine), things go slow as shit. Not just the encrypted traffic either... there seems to be an overall slowdown that hangs up other connections.

And I'm 99% sure it's not my settings, because everything worked fine until Bell's throttling kicked in (no such issues pre-throttling, with my previous ISP, or when I only SSH to that box from the LAN).

Improve infrastructure (1)

elh_inny (557966) | more than 6 years ago | (#23999687)

It seems that all that needs to be done to solve it is to upgrade the backbone to allow each user an average download of two x264 movies a day or so, circa 10-20GB.
There is no one able to consume more than that, daily.

Problem is that processing power is cheaper than fiber these days, so they analyze and throttle the packets, instead of increasing the bandwidth.

Let me help you with this.... (1, Insightful)

spasmhead (1301953) | more than 6 years ago | (#23999727)

See the user. See the user after 1 hour. See how many bytes up and down. Check how many different IP destinations the user is connected with.

Errrr, if they are using VPN then they will have 1 IP destination, to the company that's providing the VPN (think SecureIX or Relakks)

If they aren't downloading or uploading much, why throttle? :)

Well, of course, we could all just buy an overpriced broadband connection and just not use it. At all. Then we could confidently boast that our connections are never getting throttled and happily invite people to look long and hard at how fucking good we are.

As it happens, we bought our net connections for a reason.

And while I'm at it, does anyone notice that the same ISPs that are most inclined to throttle you (or even report you to the music industry) are the ones who *still* advertise their service by boasting how many music/video files you can download in an hour?

I've experienced deep inspection (1)

LM741N (258038) | more than 6 years ago | (#23999975)

"Bend over and cough please"
