New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DPI(Deep packet inspection) #5222
Comments
russian provider with torrent block? they could have no clients. |
I have doubts that it will work, but as I said, I don't have a broad technical background, if you know any clients with |
what I learned from the cat-and-mouse race with comcast et.al. back in 2007 was:
Features I think have played our their role are:
The network traffic of bittorrent is probably not too hard to identify with high probability, if one really tries to. I don't think you need to see the actual bits going back and forth, just the approximate packet sizes and timing |
👍, Screw ISPs that kill that tamper with BitTorrent traffic. They should simply be neutral providers. Vote with your wallet, ballot, or fight by other means to that end. Network protocols shouldn't have to accumulate baggage and bloat just to fight bullshit ISPs do. |
Closed until it becomes a global issue, or if someone deems it a serious discussion on this topic. |
The more BitTorrent traffic resembles HTTP/HTTPS (or some other ubiquitous) traffic, the harder it will be for ISPs to disrupt it without also affecting everyone else. "with comcast they started implementing heuristics to kill connections they didn't recognize. You'd be surprised how few of their customers suffered (but some people reported IMAP over SSH stopped working e.g.)" At the time (circa 2006-2011) ComCast was disrupting a lot of 3rd party apps that used the internet that had nothing to do with BitTorrent. |
You're right. I cannot back the claim that few customers were affected. I assumed so based on not seeing many reports of it in mainstream media (just one that I recall). Peer traffic could be made to run over SSL to mimic HTTPS. I can think of a few challenges off the top of my head:
|
If an ISP is using heuristics on unknown traffic and not caring that they have a high false positive rate, BitTorrent traffic is extremely likely to be found and limited/blocked. smell-of-rain probably has that problem...the behavior even sounds like how Sandvine's RSTs worked, although affecting downloading as well as seeding. The problem is...RST packets don't work on UDP-using uTP traffic. So unless uTP is disabled it's not ACTUALLY the same as Sandvine's method. Once a BitTorrent listening port is determined, it's easy to block that port...preventing probably all incoming traffic and most outgoing uTP traffic -- which often uses the same port number even for outgoing connections. It may be possible for ISPs to break BitTorrent's current peer-level encryption ...at the price of needing extreme resources to do it realtime, which I doubt many ISPs are willing to do. @arvidn IBM (the company) found out ComCast was blocking Lotus Notes at all times of day -- ComCast of course denied it, but later changed their methods to reduce doing so. (No penalties for any wrongdoing or inconvenience was ever publicly paid to IBM or Lotus.) I doubt Lotus Notes was sending sensitive traffic as cleartext, and I'm at a loss how that "resembled" BitTorrent traffic even if it did...however it probably benefited Lotus's competitors. |
I will also slip my 5 kopecks. |
ECH extension which is being standartalized in TLS 1.3 fixes issue with SNI. So no problems with that. P.S. In this research proposes for BitTorrent were:
Those could help with static pattern based detection in DPIs. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
A question to anyone having issues like this: |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Alternatively, there is Surge which is a P2P file sharing application built on NKN and is specifically designed to be anonymous. |
HTTP/3 has bidirectional streams[differs from HTTP/2], and most of the internet will use it(using right now, almost 600k devices could be found in Shodan and this is far from the limit), I don't think that an ISP could limit number of connections, they wouldn't do it, cause of critical infrastructure of industrial clients, which use cloud services f.e. with contracts(i.e. banks), anyway they can't limit number of websocket connections too, there have to be at least some recognition of bittorrent traffic to do so.
We could use info_hash as an encryption key with encrypted Client Hello SNI message and since both sides know this key, we can authenticate session. You will call it stupidity, because what is the point of sending encrypted packets and immediately attaching a decryption key to them? Of course, this is an absolutely useless defense in a logical sense, but it makes a lot of sense in practice. After obfuscation, all packets look like random garbage, so to determine whether it is Telegram traffic or not, the provider will have to decrypt each incomprehensible packet using the obfuscated2 method before conducting further checks. Such actions require an unjustified amount of computing power, which providers simply do not have_
Encrypted Client Hello will come as solution for this[came, ECH is working for OpenSSL, BoringSSL, nginx, Apache HTTPD, lighttpd, HAProxy, Conscrypt, curl, and more], with DoH, DoQ. What problems should be solved here additionally @arvidn ? It's possible. Maybe other people could give some review on this @everyone ? |
Back this issue +1 |
Hello, I'm from Russia, most of our internet providers are blocking Bittorrent traffic and this continues for a while(2-3 years).
All trackers are available, the speed is within 300KB, but when downloading a torrent, it goes down to 4-10KB.
All of this is bypassed by VPN proxy, Tor.
But I don't want to reduce the speed; with sites on http(s), when downloading files, there are no problems here, all at maximum speeds.
As I understand it(I don't have a broad technical background), modern DPI(Deep packet inspection) with heuristics and behavioral analysis of packets are used; while the application is running, it generates dynamic traffic, which can also be identified and labeled. For example, BitTorrent generates traffic with a certain sequence of packets that have the same characteristics (incoming and outgoing port, packet size, number of sessions opened per unit of time). it can be classified according to a behavioral (heuristic) model.
I am sure that this practice will soon be used by many providers all around the world.
It may also be that the provider knocks on my/destination's port and checks whether the Bittorrent client is installed there; uses the Connection probe technique(like in China), where when trying to connect to any IP address, such a request is first "frozen", and the subsequent advanced connection to the target address is made on behalf of DPI for inspection.
I ordered a seedbox, but this is not the case.
What I wanted to ask is, can the evolution of the Bittorrent Protocol solve these problems, and in your opinion, what would be possible to do?
What changes could be made so that Bittorrent clients automatically bypasses these restrictions?
As we remember, earlier(from wars between internet providers and torrent downloaders from year of 2005 - to now), first BitTorrent clients worked on tcp ports 6881 to 6889, providers blocked these ports, later with the change of protocol, BitTorrent clients were able to work on any ports, then providers began to analyze traffic by content, and now, after adding encryption(obfuscation), they began to implement heuristics and other techniques, what will be the next great step of the Bittorrent protocol?
Thanks.
The text was updated successfully, but these errors were encountered: