P2P Darknets to eclipse bandwidth management?
Interesting article, and something I think that will certainly become an issue for ISPs. Is this a real issue ISPs are thinking about?

Via The Register:

[snip]

Encrypted P2P networks will soon make bandwidth management based on deep packet inspection obsolete, says Staselog, a Finnish appliance outfit.

Around 80 per cent of all traffic in the Internet is already P2P. This traffic will increase 1,000-fold in the next five years and most of it will be encrypted P2P, according to a study by Staselog and researchers at Finnish Universities.

[snip]

http://www.theregister.co.uk/2005/09/01/darknets_fox_traffic_manage_tech/

Overlooking the point that this kind of smells like a pitch for Staselog, I'd be curious to hear if this is an issue on ISP bandwidth management radar... or already is...

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
Fergie (Paul Ferguson) wrote:
Overlooking the point that this kind of smells like a pitch for Staselog, I'd be curious to hear if this is an issue on ISP bandwidth management radar... or already is...

I've been asked this question repeatedly almost as long as we've had the traffic engineering / classification capabilities in our product. The great change towards encrypted p2p protocols has always been "just moments away" for the last three years. In this time we've seen the predominant p2p protocol change from Kazaa to eDonkey, from eDonkey to DirectConnect and from there, to BitTorrent. The fraction of traffic classified as "other" has been 2-4% of total since we shipped.

Obviously the fact that the world has not changed in the past is no proof that it will not in the future. If it does towards increased privacy and encryption, I'm all for the change.

Pete
On Thu, 1 Sep 2005, Fergie (Paul Ferguson) wrote:
Interesting article, and something I think that will certainly become an issue for ISPs. Is this a real issue ISPs are thinking about?
It's a concern..
Encrypted P2P networks will soon make bandwidth management based on deep packet inspection obsolete, says Staselog, a Finnish appliance outfit.
obsolete is one of those words folks like to use to make an impact, then later fall on their face.. like the internet will implode and all that. packet inspection will just evolve, that's the nature of this problem.. there are things you can find out from encrypted flows - what the endpoints and ports are, who the CA is. then you can look at the characteristics of the data.
Around 80 per cent of all traffic in the Internet is already P2P. This traffic will increase 1,000-fold in the next five years and most of it will be encrypted P2P, according to a study by Staselog and researchers at Finnish Universities.
maybe, 5 year predictions are at best voodoo, who knows what next year's killer app will be, or the year after, or the year after....
Overlooking the point that this kind of smells like a pitch for Staselog, I'd be curious to hear if this is an issue on ISP bandwidth management radar... or already is...
i can tell you what 95% of my traffic is currently, the other 5% i don't care

Steve
* Stephen J. Wilcox:
packet inspection will just evolve, that's the nature of this problem.. there are things you can find out from encrypted flows - what the endpoints and ports are, who the CA is. then you can look at the characteristics of the data.

These protocols typically don't use a PKI. You could look at public keys, but you don't even have to distribute them in-band.

What you can do is look at packet sizes and do timing analysis on incoming and outgoing packets to a particular host. For example, it is possible to use such techniques to detect an interactive SSH connection to a particular host on your network which is used by an attacker to control an SSH client which connects to some other host. I don't know how this scales to tens of thousands of hosts, though.

Apart from that, I do not really understand the concept of "bandwidth management". Isn't this just a euphemism for "content management", to avoid the ugly "c" word?
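The size-and-timing analysis described in the message above, as an added example (not code from any poster in this thread). It flags a flow as interactive from packet sizes and inter-arrival gaps alone, then scores how closely a host's outbound packets on a second flow follow the inbound keystrokes. The flow tuples, function names and thresholds are assumptions, and the sample flows are constructed.

```python
from statistics import median

# A packet is (time_s, direction, size_bytes); direction is "in" or "out"
# relative to the monitored host. Payload is never inspected.

def is_interactive(flow, max_size=128, min_gap=0.03, max_gap=2.0, min_pkts=8):
    """Keystroke-driven flow: mostly small inbound packets at typing pace.
    Thresholds are illustrative assumptions, not measured values."""
    inbound = [(t, s) for t, d, s in flow if d == "in"]
    if len(inbound) < min_pkts:
        return False
    gaps = [b[0] - a[0] for a, b in zip(inbound, inbound[1:])]
    small = sum(1 for _, s in inbound if s <= max_size) / len(inbound)
    return small >= 0.9 and min_gap <= median(gaps) <= max_gap

def relay_score(session, candidate, window=0.05):
    """Share of inbound packets on `session` that the host follows, within
    `window` seconds, with an outbound packet on `candidate`."""
    ins = [t for t, d, _ in session if d == "in"]
    outs = [t for t, d, _ in candidate if d == "out"]
    if not ins:
        return 0.0
    hits = sum(1 for t in ins if any(t < o <= t + window for o in outs))
    return hits / len(ins)

# Constructed sample flows (not captured traffic).
KEYS = [1.00, 1.18, 1.40, 1.55, 1.95, 2.07, 2.37, 2.62, 2.81, 3.02]
SSH_IN = sorted([(t, "in", 48) for t in KEYS] +
                [(t + 0.04, "out", 48) for t in KEYS])
SSH_ONWARD = sorted([(t + 0.01, "out", 48) for t in KEYS] +
                    [(t + 0.03, "in", 48) for t in KEYS])
OTHER = [(t, "out", 48) for t in
         [1.10, 1.31, 1.50, 1.70, 1.88, 2.20, 2.50, 2.75, 2.95, 3.20]]
BULK = [(5.0 + i * 0.001, "in", 1448) for i in range(40)]

def report():
    return {
        "ssh_in_interactive": is_interactive(SSH_IN),
        "bulk_interactive": is_interactive(BULK),
        "relay_onward": relay_score(SSH_IN, SSH_ONWARD),
        "relay_other": relay_score(SSH_IN, OTHER),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

The pairwise `relay_score` comparison is quadratic in the number of flows per host, which is where the scaling question raised in the message comes from.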
Florian Weimer wrote:
* Stephen J. Wilcox:
packet inspection will just evolve, that's the nature of this problem.. there are things you can find out from encrypted flows - what the endpoints and ports are, who the CA is. then you can look at the characteristics of the data.
These protocols typically don't use a PKI. You could look at public keys, but you don't even have to distribute them in-band.
What you can do is look at packet sizes and do timing analysis on incoming and outgoing packets to a particular host. For example, it is possible to use such techniques to detect an interactive SSH connection to a particular host on your network which is used by an attacker to control an SSH client which connects to some other host. I don't know how this scales to tens of thousands of hosts, though.
Apart from that, I do not really understand the concept of "bandwidth management". Isn't this just a euphemism for "content management", to avoid the ugly "c" word?
In my complete ignorance, I would think that this is part of it certainly, but would be mostly qos issues.
On 9/2/05, Stephen J. Wilcox <steve@telecomplete.co.uk> wrote: [snip]
packet inspection will just evolve, that's the nature of this problem.. there are things you can find out from encrypted flows - what the endpoints and ports are, who the CA is. then you can look at the characteristics of the data.

to that end, I've been watching the development of TOR <http://tor.eff.org/> with great interest.

--
darkuncle@{gmail.com,darkuncle.net} || 0x5537F527
encrypted email to the latter address please
http://darkuncle.net/pubkey.asc for public key
participants (6)
- Chip Mefford
- Fergie (Paul Ferguson)
- Florian Weimer
- Petri Helenius
- Scott Francis
- Stephen J. Wilcox