On 17-10-2014 15:59, Ian Grant wrote:
> On Fri, Oct 17, 2014 at 2:49 PM, Bret Lambert <bret.lamb...@gmail.com> wrote:
>> Well, if, as Herr Schroeder seems to be implying, this is used to
>> avoid port scans, I'd look for traffic to/from address:port which
>> don't show up on scans.
> That's why I want to hide it behind an ordinary service.
>
>>> Also, the VPN could be tunneled
>>> over HTTP if necessary.
>> I know of at least one company which sells a product which doesn't
>> just read headers, but classifies traffic based upon behavior, e.g.,
>> "small request receives large response -> bulk transfer", or
>> "series of tiny packets which receive a single, larger response ->
>> interactive session". I assume nation-states have developed similar
>> capabilities.
> That's fine. But they have to analyze all the traffic. This is a
> needle in a haystack.
>
>> The ability to use statistical methods to eavesdrop on encrypted
>> SIP sessions comes to mind as an example of traffic analysis as a
>> tool to defeat adversaries who are attempting to secure their
>> communications.
> Again, a needle in a haystack.
>
> Please read the OP before refuting stuff on the list. If you want to
> argue, and you aren't sure of your argument, e-mail me off the list.
> Otherwise it just adds to the general level of confusion, which is
> already higher than I'd expected on this list.
>
> Thanks,
> Ian
>
Hi,
I've read both the paper, your blog post and even your document about the foundation. I must tell you, I found someone even more paranoid than I am. But, there is the good paranoid and there is bad. Of course everything in excess is bad, but man, you really get into it.

This TCP shadow stack would do no good in preventing people from learning what you're doing. It's security through obscurity, even though the authors of the paper try to say that it ain't. Believe me, this would only scream on their filters. Hell, even someone capturing this with tcpdump and analyzing it later would see that something is not right.

The answer to most of our privacy problems in today's internet is cryptography. Better yet, properly implemented strong cryptography. I believe that OpenBSD does that. But don't expect them to add a security through obscurity layer to their kernel because I guess they won't.

Cheers