Post on 11-Jan-2016
NET NEUTRALITY
A primer
Network Neutrality
• The promise of the Internet
• Means networks should be dumb
• Because for once, dumb is good:
  – Dumb networks are necessary for open and free communication
  – Key to innovation
  – The promise of the Internet
Who wouldn’t want this?
• Telecom providers feel left out of the Internet economy :-(
  – Dear Google: We’re the reason you’re successful. Shouldn’t you pay us for all the traffic we bring you?
• Internet Service Providers want to ration bandwidth by application
• Create tiered access
  – “value-add” for the consumer
  – BitTorrent and MMORPGs? $$$
Their needs
The Internets: Not a truck
How?
• Traffic shaping
• Deep Packet Inspection
  – Telecom provider buys special box
  – Special box peeks into your internet connections
  – Tries to identify applications and services using known patterns
  – Even encrypted protocols have identifiable patterns..
Meanwhile…
#iranelection
JUNE 2009, TEHRAN
Censorship in Iran
• Between 5 and 10 million websites, according to government statements
  – Dissident and reformist political content
  – Secular viewpoints
  – Baha’i faith, Kurdish movements
  – Sins: Pornography, drugs, alcohol, gambling
  – Foreign media sites
  – Tools for circumventing filters
  – 9% of all Farsi blogs
  – Myspace, Orkut, Flickr, Bebo, Metacafe, Photobucket, Del.icio.us
And during the 2009 election..
Iran Facts
• 23 million Internet users in Iran (28 million in Canada)
• 35% of the Iranian population
• 60,000 active Farsi blogs
• 1/3 of the Iranian population is between 15 and 29 years old
Circumventing Censorship
• SSL encrypted proxy servers
• Freegate
• Tor
• OpenVPN tunnels
• SSH tunnels
Iran blocking ports?
• We needed to know if it was true that connections originating inside Iran were being blocked by port
• We had no friends in Iran to help us test this
• Then we had an idea..
Testing Connectivity from Within Iran
• Follow these steps:
  – Step 1: Google for publicly accessible FTP server
  – Step 2: Connect with FTP client and initiate active mode data connection back to client
  – Step 3: Wait to see if connection successfully completes or not
• Implemented in a program that did this automatically
  – Link at the end of presentation
Results
• So how many ports were being blocked?
None!
However..
• There were credible reports from Iran of connectivity problems
• A pattern emerged
  – Affected connections are slow, very slow
  – The port does not matter
  – Destination does not matter
  – What matters is the protocol you’re using to communicate
An experiment
• We wanted to verify a theory that deep packet inspection technology was behind the censorship
• The SSH protocol was chosen
• Modifications were made to OpenSSH to fully encrypt the initial handshake
  – To avoid detection by deep packet inspection technology
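Why the protocol matters and the port does not, as an added example (not code from the presentation or from the linked projects): a first-payload classifier of the kind deep packet inspection relies on recognizes standard SSH by its cleartext identification string on any port, while a handshake with no cleartext prefix matches no signature. The function names, sample flows and byte strings are constructed for illustration.

```python
# Added illustration: first-payload protocol fingerprinting, independent of port.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ")


def classify_first_bytes(payload: bytes) -> str:
    """Label a flow from the first bytes the client sends; the port is never consulted."""
    # RFC 4253: SSH peers open with a cleartext "SSH-protoversion-softwareversion" line.
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 0x03, then the
    # handshake message type at offset 5, 0x01 for ClientHello.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


# Constructed sample flows: (destination port, first client payload).
SAMPLE_FLOWS = [
    (22, b"SSH-2.0-OpenSSH_5.2\r\n"),
    (443, b"SSH-2.0-OpenSSH_5.2\r\n"),  # SSH moved to the HTTPS port
    (443, bytes.fromhex("160301002f0100002b0301") + bytes(36)),  # TLS ClientHello start
    (8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # Stand-in for a handshake that is encrypted from its first byte (constructed bytes).
    (22, bytes.fromhex("9f3c71e0b45a2d886c13f7a9054ed2bb")),
]


def classify_flows(flows):
    """Return (port, label) per flow, showing the label follows the protocol, not the port."""
    return [(port, classify_first_bytes(payload)) for port, payload in flows]


if __name__ == "__main__":
    for port, label in classify_flows(SAMPLE_FLOWS):
        print(f"dst port {port:>5}: {label}")
```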
Result
• Significant performance differences observed between normal SSH and the modified SSH
  – This strongly suggested that some sort of deep packet inspection technology was being used
• Later, sources in Iran credibly claimed that Western technology was being used to implement state censorship policy
  – Packet shaping, deep packet inspection technology
  – Specific products cited
Conclusion
• By definition, deep-packet inspection, packet shaping technology is censorship technology
• The introduction of a policy of service or application preference, an intentional bias
• The technology is not evil
  – But it can be
• Similarly, the export of technology to Iran is not a bad thing
Thank you!
Links
• http://opennet.net/studies/Iran2009
• http://github.com/brl/ftpscan
• http://github.com/brl/obfuscated-ssh
• E-mail
  – bruce@netifera.com
  – david@netifera.com