Saturday, August 6, 2011

Dan Kaminsky: I Can Tell if Your ISP Breaks Net Neutrality

While it is not clear yet what Net Neutrality means, there is already a way to know if your ISP breaks it:

"Say Google is 50ms slower than Bing. Is this because of the ISP, or the routers and myriad server and path differentials between the ISP and Google, vs. the ISP and Bing? Can’t tell, it’s all conflated. We have to normalize the connection between the two sites, to measure if the ISP is using policy to alter QoS. Here’s how we do this with n00ter"

This comes from Dan "I write code" Kaminsky (pictured), who presented n00ter at the Black Hat security conference. See slides below (the relevant part starts at slide 66).

See also "Who Shapes Traffic in the US?" - here.

"Start with a VPN, that creates an encrypted link from a Client to a broker/concentrator. An IP at the Broker talks plaintext with Google and Bing, who reply to the Broker. The Broker now encrypts the traffic back to the Client. Policy can’t differentiate Bing traffic from Google traffic, it’s all encrypted.
Now, let’s change things up — let’s have the Broker push the response traffic from Google and Bing, completely in the open. In fact, let’s have it go so far as to spoof traffic from the original sources, making it look like there isn’t even a Broker in place. There’s just nice clean streams from Google and Bing. If traffic from the same host, being sent over the same network path, but looking like Google, arrives faster (or slower) than traffic that looks like it came from Bing, then there’s policy differentiating Google from Bing".
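
The final comparison in the quote is a statistics problem: is the gap between the two flows larger than path jitter alone would produce? The sketch below is an added example, not code from n00ter or from the slides. It scores that with a permutation test on median latency, using the encrypted run as the control. The latency samples are constructed, and the function names, the 5 ms minimum gap and the 0.01 significance level are assumptions.

```python
import random
import statistics

def median_gap(a, b):
    """Median latency of flow a minus median latency of flow b, in ms."""
    return statistics.median(a) - statistics.median(b)

def permutation_p_value(a, b, rounds=5000, seed=1):
    """Two-sided permutation test: how often does random relabelling of the
    pooled samples produce a median gap at least as large as the observed one?"""
    rng = random.Random(seed)
    observed = abs(median_gap(a, b))
    pooled = list(a) + list(b)
    hits = 0
    for _ in range(rounds):
        rng.shuffle(pooled)
        if abs(median_gap(pooled[:len(a)], pooled[len(a):])) >= observed:
            hits += 1
    return (hits + 1) / (rounds + 1)

def differentiated(a, b, min_gap_ms=5.0, alpha=0.01):
    """Report differentiation only when the gap is both operationally
    meaningful (assumed 5 ms) and unlikely to be jitter (assumed alpha)."""
    if abs(median_gap(a, b)) < min_gap_ms:
        return False
    return permutation_p_value(a, b) < alpha

def make_samples(base_ms, jitter_ms, n, seed):
    """Constructed latency samples in ms; stands in for real measurements."""
    rng = random.Random(seed)
    return [base_ms + rng.uniform(-jitter_ms, jitter_ms) for _ in range(n)]

# Constructed data. Both flows leave the same broker over the same path.
# Control: responses tunnelled through the VPN, so policy cannot tell them apart.
ENC_A = make_samples(40, 3, 60, seed=10)
ENC_B = make_samples(40, 3, 60, seed=11)
# Test: responses sent in the clear, appearing to come from site A and site B.
OPEN_A = make_samples(40, 3, 60, seed=12)
OPEN_B = make_samples(65, 3, 60, seed=13)  # constructed 25 ms penalty on B

def report():
    """Control should show no differentiation; only then is the cleartext
    result attributable to policy rather than to the path."""
    return {
        "encrypted": differentiated(ENC_A, ENC_B),
        "cleartext": differentiated(OPEN_A, OPEN_B),
    }

if __name__ == "__main__":
    print(report())
```

A flagged encrypted control means the two flows were not normalized in the first place, so the cleartext result cannot be read as evidence of policy.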

See "Black Ops of TCP/IP 2011" - here.

