Does VPN traffic stand out from other traffic to the ISP?

Discussion in 'Wireless Internet' started by Cordell James, Jan 29, 2014.

  1. What does the ISP actually *see* when VPN
    is trafficking his network?

    I realize he sees "gibberish", but, can he
    just look at that gibberish and say "that
    looks a lot like my subscriber is using VPN"?

    Does VPN traffic stand out from other traffic?
    Cordell James, Jan 29, 2014

  2. Cordell James

    Lusotec Guest


    The ISP sees the encrypted packet stream, the TCP/IP packet headers, the
    packet sizes and the packet times.

    With the above information and without any significant computational power
    it is possible to infer what kind of traffic is going through the VPN (e.g.
    http, POP, interactive terminal/vnc/rdp session).

    Some VPNs minimize/prevent this information leak by smoothing/flattening the
    packet size and time distributions, for example by constantly filling the
    channel with data to produce a constant rate of same sized packets. Dummy
    data is sent when there is no actual data to send.

    Yes and depending on the VPN software they may even be able to say "that
    looks a lot like a VNC transmitting HTTP/IMAP/vnc/whatever traffic".

    Yes. It is very easy to spot encrypted traffic among all the traffic and
    different kinds of encrypted traffic (e.g. https, ssh, vpn, openssl, tor,
    imaps, pops) have somewhat distinct handshake and early traffic patterns so
    it is possible to make an educated guess on what kind of encrypted traffic
    it is.

    This kind of information leak can be minimized.

    - Fill the channel with dummy data and use traffic shaping to flatten the
      packets distribution while transmitting the dummy traffic with the least
      priority, so that your real traffic can get to the destination with minimal

    - Multiplex/mix traffic in a single channel.

    - Use a less suspicious encryption channel (e.g. https) to encrypt a more
      suspicious encryption channel (e.g. vpn).

    - Use proxies with lots of encrypted traffic to obscure your own traffic.

    - Use proxy chaining, preferably in various countries.

    - Use tor to anonymize your traffic and also give you plausible deniability.

    The above is more than enough to defeat an ISP level adversary but for
    nation/state level adversaries always remember that brute-force rubber-hose
    decryption is very effective and computationally free.

    Lusotec, Jan 29, 2014
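
The constant-rate padding described in the post above, as an added example that is not part of the original thread: two constructed traffic profiles are clearly different to an observer before shaping and identical after it. The cell size, tick interval and sample packets are assumed values chosen for illustration.

```python
from collections import deque

CELL = 512      # bytes per wire cell (assumed value)
TICK_MS = 20    # one cell every 20 ms (assumed value)

# Constructed samples: (send time in ms, payload bytes).
INTERACTIVE = [(0, 64), (130, 80), (410, 64), (420, 96), (900, 72)]
BULK = [(0, 1460), (5, 1460), (10, 1460), (15, 1460), (300, 1460), (305, 1460)]

def observable(packets):
    """What an on-path observer records: (gap to previous packet in ms, size)."""
    out, prev = [], None
    for t, size in packets:
        out.append((0 if prev is None else t - prev, size))
        prev = t
    return out

def shape(packets, duration_ms):
    """Emit one CELL-byte cell every TICK_MS. Queued real bytes always go
    first; a slot with nothing queued carries dummy data instead.
    Returns (wire_packets, dummy_cells, bytes_still_queued)."""
    pending = deque(sorted(packets))
    backlog = dummy = 0
    wire = []
    for now in range(0, duration_ms, TICK_MS):
        while pending and pending[0][0] <= now:
            backlog += pending.popleft()[1]
        if backlog == 0:
            dummy += 1                      # idle slot: pure cover traffic
        backlog = max(0, backlog - CELL)    # short payloads are padded to CELL
        wire.append((now, CELL))
    return wire, dummy, backlog + sum(size for _, size in pending)

def compare(duration_ms=1000):
    """Shape both sample profiles and compare what the observer can see."""
    a, a_dummy, a_left = shape(INTERACTIVE, duration_ms)
    b, b_dummy, b_left = shape(BULK, duration_ms)
    return {
        "raw_distinguishable": observable(INTERACTIVE) != observable(BULK),
        "shaped_identical": observable(a) == observable(b),
        "dummy_cells": (a_dummy, b_dummy),
        "unsent_bytes": (a_left, b_left),
    }

if __name__ == "__main__":
    print(compare())
```

The cost is visible in `dummy_cells`: the link carries the same 50 cells per second whether the user sends 376 bytes or 8760, so most of the bandwidth is cover traffic.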

  3. Cordell James

    ps56k Guest

    interesting - just reading the thread....

    ps56k, Jan 29, 2014
  4. Cordell James

    ohyeah Guest

    Oh yeah? I was told by another expert (self-appointed?) that VPN SSL/p443
    traffic is indistinguishable from any other ssl traffic, for example,

    ohyeah, Jan 31, 2014
  5. Cordell James

    miso Guest

    The average schmuck's pipe will be a combination of encrypted and
    unencrypted traffic. When you are totally encrypted, you look like you have
    something to hide.

    I assume you are aware of traffic analysis. The VPN user has a different
    profile than the general public.
    miso, Jan 31, 2014
  6. Uh huh. And if you've got nothing to hide, you don't need encryption,
    right? Christ on a moped.
    Buster Friendly, Jan 31, 2014
  7. Sure, but would you ever figure out what the word for "pipe bomb" or
    "machine gun" was?
    Happynet Steering Society, Jan 31, 2014
  8. Cordell James

    miso Guest

    This article explains why surveillance is a problem even if you really don't
    have anything to hide. Maybe you have nothing to hide (doubtful), but there
    is always some person (usually government official) who has some power over
    your life, and they have something to hide. Hence Hoover spying on
    politicians to become a government unto himself.
    's_about_blackmail,_not_national_security/

    We know from the Edward Snowden leaks that the NSA saves all PGP encrypted
    mail, with the hope that they can someday decrypt the messages. That was
    Snowden's story, I assume they will do a black bag job and steal your
    certificate if they really want the email decoded.
    miso, Jan 31, 2014
  9. Herro!
    Cordell James, Feb 1, 2014
  10. With enough metadata, they can probably obtain your secret key.
    Cordell James, Feb 1, 2014
  11. Ha. The only time I used PGP regularly for email it was to email a
    friend who lives about 10 blocks away who refused to accept email that
    wasn't encrypted. This was years ago too, when the US govt was trying to
    pretend that PGP wasn't legal. Our emails went something like "so, Bob,
    you wanna meet at Toe Blake's for lunch?" and he'd encrypt back "sure,
    Wilbur, how about 1:30" and I was like "cool, see you then." And the NSA
    can keep those encrypted emails until they eventually decrypt them so
    that they can study the tavern habits of two old hippies who are probably
    dead or demented by then.
    Wilbur Eleven, Feb 1, 2014
  12. Really liked this quote so I googled it and read the letter. Bukowski
    sounds like quite a character. I'm not much for poetry but perhaps I'll
    check out some of his short stories.

    Sorry if you got an earlier e-mail response. Screwed up and hit the
    wrong thing. Why Thunderbird moved to a reply, followup choice beats
    me. I think it probably went to a non-existent address though.
    M. John Matlaw, Feb 1, 2014
  13. Oh yes my dear, email to Wilbur goes into a deep dark hole. Thanks for
    the thought though!
    Wilbur Eleven, Feb 1, 2014