[liberationtech] Massive passive wiretapper: How to technically troll them?

Lars Luthman mail at larsluthman.net
Sat Sep 14 09:56:00 PDT 2013


On Sat, 2013-09-14 at 17:35 +0200, Fabio Pietrosanti (naif) wrote: 
> Hi,
> 
> I was wondering how it could be possible to bring some kind of denial of
> service to impact the functionalities and/or reduce the performance of
> the systems used by massive passive wiretapper listening on the fibers.
>
> [...]
> 
> Then we need to prepare the right pattern of traffic, being cleartext
> SMTP, HTTP, POP3, other, that will be exchanged between the two peers at
> full speed.
> 
> The traffic we need to generate has to be compressed, in order to
> increase the load we put on the massive passive wiretapper decoding
> processes, amplifying the amount of data generated. If we assume a
> properly done 400% protocol compression ratio, with 100TB monthly data
> we may generate 400TB of data on wiretapper system.

Cleartext is probably not a good idea. It will get recorded, analysed,
and, once the creeps have written a filter to match it if there isn't
one already, discarded. Encrypted traffic on the other hand will
probably be stored for a longer time while waiting for the keys to turn
up somehow, hence costing more money.

HTTPS is probably the best bet, or at least some TLS connection that
mimics the characteristics of HTTPS, since that is what's used for
virtually all user applications these days. Of course, using encrypted
connections means that you can't do the compression trick.


--ll

