I think we just discussed this over in the huawei list ;-) This is pretty awesome!
On Fri, Jun 14, 2013 at 12:30 PM, Eric Wustrow <ew...@umich.edu> wrote: > Oddly enough, anticensorship. We use similar technology as the censors > (DPI, flow blocking), but use our system in a non-censoring country's ISP > to detect secret tags in connections from censored countries, and serve as > a proxy for them. Once we detect a flow with a secret tag passing through > the ISP, we block the real flow, and start spoofing half of the connection. > We use this covert channel to communicate to the client and act as a proxy. > To the censor, this looks like a normal connection to some innocuous, > unrelated (and unblocked) website. The obvious difficulty is convincing > ISPs to deploy such a proxy. More details can be found at > https://telex.cc/ > > > > On Fri, Jun 14, 2013 at 3:15 AM, Dobbins, Roland <rdobb...@arbor.net> > wrote: > > > > > On Jun 14, 2013, at 2:32 AM, Eric Wustrow wrote: > > > > > I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 > > gbps link, with new blocked flows being dropped within a millisecond or > so > > of > > > being added. > > > > What's the actual application for this mechanism? > > > > ----------------------------------------------------------------------- > > Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> > > > > Luck is the residue of opportunity and design. > > > > -- John Milton > > > > > > > -- Phil Fagan Denver, CO 970-480-7618