Re: [GNUnet-developers] port knocking?
From: Alexander Winston
Subject: Re: [GNUnet-developers] port knocking?
Date: Fri, 27 Feb 2004 10:11:52 -0500
On Fri, 2004-02-27 at 07:43 -0500, Christian Grothoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wednesday 25 February 2004 11:44 am, you wrote:
> > On Wed, 25 Feb 2004, Christian Grothoff wrote:
> > > Of course, the biggest question is if there's anyone who'd care for this
> > > tiny extra bit of security (or maybe more appropriately, obscurity). As
> > > I said before, portknocking would not help against an adversary that
> > > either joins GNUnet or that can perform traffic sniffing. It only
> > > protects against lazy, clueless random adversaries.
> >
> > What would a lazy, clueless random adversary benefit from the knowledge
> > that some random host is running GNUnet? Anti-GNUnet-personnel
> > can find better ways, and do not fit the profile of lazy, clueless
> > and random.
>
> I'm not thinking about adversaries that specifically target GNUnet here.
>
> > ISPs, on the other hand, can look at the traffic patterns
> > and decide that the activity looks p2p'ish enough to take action,
> > and besides take the crypted nature of GNUnet dataflow as additional
> > evidence for villainy, blackguarding and heinous crime being
> > purported all the time.
> >
> > Just my 3c. Maybe I'm just a bit slow as usual and don't
> > get the implications.
>
> Well, imagine for a second that you're AT&T. You have a shitload of
> second-tier ISPs below you, and you're trying to manage "The Internet". Your
> tech-people fight spam and customers that use excessive (in their opinion)
> amounts of traffic. What do you do? Sniff all 30 Million hosts connected to
> your network and do some heavy-weight traffic analysis? Nonsense. What those
> people do is they do port-scans. For now, probably just 25, maybe some other
> common ports (open windows-shares, etc). If they detect an open port where
> there should be none, they notify the second-tier ISP to do something about
> it (i.e. shut down the machine, tell the customer to remove the virus,
> whatever).
>
> Now, for these guys, a quick & dirty portscan is all they can afford.
> Similarly, what's a university going to do? Yes, they may scan their campus
> network for open ports to detect vulnerable machines, to enforce policies ("no
> p2p"), but it's much less likely that their tech-support has the knowledge
> (and time) to go and start sniffing traffic. Not to mention that while
> port-scanning might be considered acceptable behavior for some ISPs, actually
> doing traffic sniffing is a much more severe violation of users' privacy and
> thus might be harder to get away with (the headline, "ISP scans ports"
> doesn't sound like a CNN hit, "ISP spies on users' traffic" is more likely to
> put the ISP out of business...). So in some ways, I believe it's much more
> likely for the average GNUnet user to encounter such a 'stupid' adversary
> than someone with the time, money, technical expertise and boldness to run
> tcpdump.
Would it be possible to generate a unique port knocking sequence every
time that GNUnet is run so that only other peers know what the sequence
is?
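The per-run knock sequence suggested at the end of the thread can be illustrated with a small sketch. The following is an added example, not GNUnet code and not something any poster in the thread wrote: it assumes a secret already shared between peers and a per-run nonce that the starting peer hands to its peers through some existing channel (both hypothetical here), derives the knock ports from an HMAC over nonce and index, and runs a listener-side state machine that admits a source only after the full sequence and resets on any wrong knock. A sequence from a previous run is rejected because its nonce differs, which is the point of regenerating it; as the thread itself notes, anyone sniffing the wire still sees the knocks, so this only keeps a plain port scan from finding the listening port.

```python
import hashlib
import hmac
import struct

# Hypothetical parameters: sequence length and the port range knocks are drawn from.
KNOCK_LEN = 4
PORT_MIN, PORT_MAX = 20000, 60000


def derive_knock_sequence(shared_secret: bytes, session_nonce: bytes, length: int = KNOCK_LEN) -> list:
    """Derive a list of knock ports from HMAC-SHA256(secret, nonce || counter).

    The same secret and nonce always yield the same sequence; a fresh nonce per run
    yields a fresh sequence that old knocks no longer satisfy.
    """
    ports = []
    for i in range(length):
        mac = hmac.new(shared_secret, session_nonce + struct.pack(">I", i), hashlib.sha256).digest()
        ports.append(PORT_MIN + int.from_bytes(mac[:4], "big") % (PORT_MAX - PORT_MIN))
    return ports


class KnockListener:
    """Tracks how far each source address has progressed through the expected sequence.

    Any knock that is not the next expected port resets that source's progress, so a
    scanner sweeping ports in order cannot walk through the sequence by accident.
    """

    def __init__(self, expected: list):
        self.expected = expected
        self.progress = {}   # source address -> index of the next expected port
        self.admitted = set()  # sources that completed the sequence

    def observe(self, src: str, port: int) -> bool:
        """Record one observed knock; return True only when the sequence completes."""
        idx = self.progress.get(src, 0)
        if port == self.expected[idx]:
            idx += 1
            if idx == len(self.expected):
                self.admitted.add(src)
                self.progress[src] = 0
                return True
        else:
            # A wrong knock restarts the sequence; if it happens to be the first
            # expected port, count it as a fresh start rather than nothing.
            idx = 1 if port == self.expected[0] else 0
        self.progress[src] = idx
        return False


def simulate_two_runs(shared_secret: bytes, old_nonce: bytes, new_nonce: bytes) -> dict:
    """Constructed scenario: a peer knocks with the current run's sequence and a
    replayer knocks with the previous run's sequence against the same listener."""
    old_seq = derive_knock_sequence(shared_secret, old_nonce)
    new_seq = derive_knock_sequence(shared_secret, new_nonce)
    listener = KnockListener(new_seq)

    peer_results = [listener.observe("peer", p) for p in new_seq]
    replay_results = [listener.observe("replayer", p) for p in old_seq]
    return {
        "old_seq": old_seq,
        "new_seq": new_seq,
        "peer_admitted": "peer" in listener.admitted,
        "peer_results": peer_results,
        "replayer_admitted": "replayer" in listener.admitted,
        "replay_results": replay_results,
    }


if __name__ == "__main__":
    # Constructed sample values; a real deployment would use a random secret and nonces.
    out = simulate_two_runs(b"constructed-shared-secret", b"run-1-nonce", b"run-2-nonce")
    print("previous run sequence:", out["old_seq"])
    print("current run sequence: ", out["new_seq"])
    print("peer admitted:", out["peer_admitted"], "replayer admitted:", out["replayer_admitted"])
```

The listener keeps state per source address only, so knocks arriving out of order or from a scanner interleaved with the real peer do not promote the wrong source; whatever mechanism distributes the per-run nonce to legitimate peers is outside this sketch and is the part that actually carries the security.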