I don't believe that most ISPs routinely do traffic flow analysis on their users. If they did, they would have implemented proper egress filtering many years ago. The fact that they haven't suggests that they really don't care, in general. Colo's are different, in that they usually give you access to a LOT of bandwidth, and they're hosting an actual box; this is a completely different situation.
On Tue, Oct 11, 2005 at 08:56:03PM -0400, jrandom at i2p.net wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Well, it would certainly be useful in China at present, judging from the > > level of effort they have put in previously to block stuff (a bit, but > > not a massive amount). > > I went back through some of my posts in this thread to find places where > I addressed this specific point, but ended up copying a dozen chunks of > text restating in different ways why what you suggest is a bad way to go. > I've trimmed that down to this one: > > "In the near term, Freenet will operate on the small scale (from the > government's perspective), so it will work fine, since it won't be > attacked. This would be good, as it would help individuals who > need help. > > However, if Freenet grows to match the claim of a "globally scalable > darknet", or maybe even if it just garners enough press for people > to think it does, it would then become worth attacking, and hence, > *less secure* than if it didn't grow." > > What you're proposing is a dangerous game - get large enough to be useful, > but /stay small enough not to perceived as a threat/. > > > Whether in future they get pissed off enough that they put in the > > significant amount of effort required to detect, deter and block > > freenet/dark, we will see. > > This brings up another thing I said earlier: > > "Any statements regarding the anonymity of Freenet when it > isn't under attack are meaningless, if not misleading" > > If they don't put in the effort required to detect, deter, and block > Freenet/dark, there's no need to go through all the trouble of building > such a complicated anonymity focused system - there are much simpler > alternatives, especially since Freenet/dark already depends upon > existing trust relationships. > > If they do put in the effort required to detect, deter, and block > Freenet/dark, then Freenet/dark is shut down, users prosecuted, or > worse. > > As for the cost of some attacks that a state level adversary could > mount, consider this - a few months back, my colo provider blackholed > my machine based on their automated traffic analysis of their > network. After explaining that no, such high UDP data rates with a > diverse set of peers is perfectly normal, as I'm developing a > comm system, they put my box back online. It is a large ISP, used > by many high bandwidth servers, and a measly 60KBps wouldn't even be > a blip on their radar. However, they knew my machine was acting > 'strange', and after an admin determined that yes, it was sending > lots of UDP packets to lots of peers, they shut it down. > > This was standard operating procedure for the ISP - continuous > monitoring for abnormal behavior. Its just good business practice. > > Now, imagine all ISPs with that SOP, with a mandate that certain > categories of abnormal behavior be included in the (software driven) > pattern detection (perhaps through a government provided software > or firmware update), and that their administrators verify and > notify some agency when the mattern matches (instead of, as in my > case, blackhole the box). > > Is it still necessary for me to go into a detailed cost analysis of > some attacks that a state level adversary can mount to pierce > Freenet/dark's obscurity, or do you understand what I'm saying? > > =jr > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (GNU/Linux) > > iD8DBQFDTFz0WYfZ3rPnHH0RAkxnAJ96nYvyZi646hNyIAScrUNXI7qjwgCcCzfY > ct01zXbc4uA9hl6hijNmQac= > =b0py > -----END PGP SIGNATURE----- > _______________________________________________ > Tech mailing list > Tech at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/tech -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20051012/76ec56f0/attachment.pgp>
