P2P Darknets to eclipse bandwidth management?

Interesting article, and something I think that will certainly
become an issue for ISPs. Is this a real issue ISPs are thinking
about?

Via The Register:

[snip]

Encrypted P2P networks will soon make bandwidth management based on deep packet inspection obsolete, says Staselog, a Finnish appliance outfit.

Around 80 per cent of all traffic in the Internet is already P2P. This traffic will increase 1,000-fold in the next five years and most of it will be encrypted P2P, according to a study by Staselog and researchers at Finnish Universities.

[snip]

http://www.theregister.co.uk/2005/09/01/darknets_fox_traffic_manage_tech/

Overlooking the point that this kind of smells like a pitch for
Staselog, I'd be curious to hear if this is an issue on ISP
bandwidth management radar... or already is...

- ferg

Fergie (Paul Ferguson) wrote:

Overlooking the point that this kind of smells like a pitch for
Staselog, I'd be curious to hear if this is an issue on ISP
bandwidth management radar... or already is...

I've been asked this question repeatedly almost as long as we've had the traffic engineering / classification capabilities in our product. The great change towards encrypted p2p protocols has always been "just moments away" for the last three years. In this time we've seen the predominant p2p protocol change from Kazaa to eDonkey, from eDonkey to DirectConnect and from there, to BitTorrent. The fraction of traffic classified as "other" has been 2-4% of total since we shipped.

Obviously the fact that the world has not changed in the past is no proof that it will not in the future. If it does towards increased privacy and encryption, I'm all for the change.

Pete

Interesting article, and something I think that will certainly become an
issue for ISPs. Is this a real issue ISPs are thinking about?

It's a concern..

Encrypted P2P networks will soon make bandwidth management based on deep
packet inspection obsolete, says Staselog, a Finnish appliance outfit.

obsolete is one of those words folks like to use to make an impact, then later
fall on their face.. like the internet will implode and all that.

packet inspection will just evolve, that's the nature of this problem.. there are
things you can find out from encrypted flows - what the endpoints and ports are,
who the CA is. then you can look at the characteristics of the data.

Around 80 per cent of all traffic in the Internet is already P2P. This traffic
will increase 1,000-fold in the next five years and most of it will be
encrypted P2P, according to a study by Staselog and researchers at Finnish
Universities.

maybe, 5 year predictions are at best voodoo, who knows what next year's killer
app will be, or the year after, or the year after....

Overlooking the point that this kind of smells like a pitch for Staselog, I'd
be curious to hear if this is an issue on ISP bandwidth management radar... or
already is...

i can tell you what 95% of my traffic is currently, the other 5% i don't care

Steve

* Stephen J. Wilcox:

packet inspection will just evolve, that's the nature of this
problem.. there are things you can find out from encrypted flows -
what the endpoints and ports are, who the CA is. then you can look
at the characteristics of the data.

These protocols typically don't use a PKI. You could look at public
keys, but you don't even have to distribute them in-band.

What you can do is look at packet sizes and do timing analysis on
incoming and outgoing packets to a particular host. For example, it
is possible to use such techniques to detect an interactive SSH
connection to a particular host on your network which is used by an
attacker to control an SSH client which connects to some other host.
I don't know how this scales to tens of thousands of hosts, though.

Apart from that, I do not really understand the concept of "bandwidth
management". Isn't this just a euphemism for "content
management", to avoid the ugly "c" word?
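
The size-and-timing analysis described in the message above, as an added example that is not part of the original thread: it flags a monitored host when an interactive inbound flow is mirrored, packet for packet, by an interactive outbound flow. The packet records are constructed and the thresholds are illustrative assumptions, not tuned values.

```python
from bisect import bisect_right
from statistics import median

# Assumed thresholds (illustrative only).
SMALL_BYTES = 128              # keystroke-sized encrypted payloads
MIN_GAP, MAX_GAP = 0.05, 2.0   # human typing cadence, in seconds
RELAY_WINDOW = 0.05            # max delay for a forwarded keystroke

def is_interactive(packets):
    """True when most packets are small and spaced at typing speed."""
    if len(packets) < 5:
        return False
    small = sum(1 for _, size in packets if size <= SMALL_BYTES) / len(packets)
    gaps = [b[0] - a[0] for a, b in zip(packets, packets[1:])]
    return small >= 0.8 and MIN_GAP <= median(gaps) <= MAX_GAP

def relay_score(inbound, outbound, window=RELAY_WINDOW):
    """Fraction of inbound packets followed by an outbound packet within window."""
    out_times = sorted(t for t, _ in outbound)
    hits = 0
    for t, _ in inbound:
        i = bisect_right(out_times, t)      # first outbound packet after t
        if i < len(out_times) and out_times[i] - t <= window:
            hits += 1
    return hits / len(inbound) if inbound else 0.0

def looks_like_stepping_stone(inbound, outbound, min_score=0.8):
    # Both flows must be interactive; otherwise a long bulk transfer
    # could line up with the inbound packets purely by chance.
    return (is_interactive(inbound) and is_interactive(outbound)
            and relay_score(inbound, outbound) >= min_score)

# Constructed sample flows: (timestamp_seconds, payload_bytes) per packet.
typing_in = [(0.00, 48), (0.31, 48), (0.52, 48), (0.95, 64), (1.20, 48), (1.71, 48)]
# Same cadence leaving the host on a second connection, 10 ms later.
typing_out = [(t + 0.010, size) for t, size in typing_in]
# Unrelated bulk transfer: full-size packets back to back.
bulk_out = [(0.001 * i, 1448) for i in range(200)]
# Unrelated interactive session with its own timing.
other_out = [(0.15, 48), (0.80, 48), (1.45, 48), (2.10, 48), (2.75, 48), (3.40, 48)]

if __name__ == "__main__":
    for name, flow in [("typing_out", typing_out), ("bulk_out", bulk_out),
                       ("other_out", other_out)]:
        print(name, looks_like_stepping_stone(typing_in, flow))
```

Each inbound flow has to be compared against every outbound flow on the same host, which is the per-host cost behind the scaling question raised in the message.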

[snip]

packet inspection will just evolve, that's the nature of this problem.. there are
things you can find out from encrypted flows - what the endpoints and ports are,
who the CA is. then you can look at the characteristics of the data.

to that end, I've been watching the development of TOR
<http://tor.eff.org/> with great interest.

Florian Weimer wrote:

* Stephen J. Wilcox:

packet inspection will just evolve, that's the nature of this
problem.. there are things you can find out from encrypted flows -
what the endpoints and ports are, who the CA is. then you can look
at the characteristics of the data.

These protocols typically don't use a PKI. You could look at public
keys, but you don't even have to distribute them in-band.

What you can do is look at packet sizes and do timing analysis on
incoming and outgoing packets to a particular host. For example, it
is possible to use such techniques to detect an interactive SSH
connection to a particular host on your network which is used by an
attacker to control an SSH client which connects to some other host.
I don't know how this scales to tens of thousands of hosts, though.

Apart from that, I do not really understand the concept of "bandwidth
management". Isn't this just a euphemism for "content
management", to avoid the ugly "c" word?

In my complete ignorance, I would think that this is part of it
certainly, but would be mostly qos issues.