|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: P2P Darknets to eclipse bandwidth management?
* Stephen J. Wilcox: > packet inspection will just evolve, thats the nature of this > problem.. there are things you can find out from encrypted flows - > what the endpoints and ports are, who the CA is. then you can look > at the characteristics of the data. These protocols typically don't use a PKI. You could look at public keys, but you don't even have to distribute them in-band. What you can do is look at packet sizes and do timing analysis on incoming and outgoing packets to a particular hosts. For example, it is possible to use such techniques to detect an interactive SSH connection to a particular host on your network which is used by an attacker to control an SSH client which connects to some other host. I don't know how this scales to tens of thousands of hosts, though. Apart from that, I do not really understand the concept of "bandwidth management". Isn't this this just an euphemism for "content management", to avoid the ugly "c" word?
|