1 / 37

Net Neutrality

A primer. Net Neutrality. Network Neutrality. The promise of the Internet Means networks should be dumb Because for once, dumb is good: Dumb networks are necessary for open and free communication Key to innovation The promise of the Internet. Who wouldn’t want this?.

umay
Télécharger la présentation

Net Neutrality

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A primer Net Neutrality

  2. Network Neutrality • The promise of the Internet • Means networks should be dumb • Because for once, dumb is good: • Dumb networks are necessary for open and free communication • Key to innovation • The promise of the Internet

  3. Who wouldn’t want this? • Telecom providers feel left out of the Internet economy :-( • Dear Google: We’re the reason you’re successful. Shouldn’t you pay us for all the traffic we bring you? • Internet Service Providers want to ration bandwidth by application • Create tiered access • “value-add” for the consumer • BitTorrent and MMORPGs? $$$

  4. Their needs

  5. The Internets: Not a truck

  6. How? • Traffic shaping • Deep Packet Inspection • Telecom provider buys special box • Special box peeks into your internet connections • Tries to identify applications and services using known patterns • Even encrypted protocols have identifiable patterns..

  7. Meanwhile…

  8. JUNE 2009, TEHRAN #iranelection

  9. Censorship in Iran • Between 5 and 10 million websites, according to government statements • Dissident and reformist political content • Secular viewpoints • Ba’hai faith, Kurdish movements • Sins: Pornography, drug, alcohol, gambling • Foreign media sites • Tools for circumventing filters • 9% of all Farsi blogs • Myspace, Orkut, Flickr, Bebo, Metacafe, Photobucket, Del.ic.io.us

  10. And during the 2009 election..

  11. Iran Facts • 23 million Internet users in Iran (28 million in Canada) • 35% of the Iranian population • 60,000 active Farsi blogs • 1/3 of the Iranian population is between 15 and 29 years old

  12. Circumventing Censorship • SSL encrypted proxy servers • Freegate • Tor • OpenVPN tunnels • SSH tunnels

  13. Iran blocking ports? • We needed to know if it was true that connections originating inside Iran were being blocked by port • We had no friends in Iran to help us test this • Then we had an idea..

  14. Testing Connectivity from Within Iran • Follow these steps: • Step 1: Google for publicly accessible FTP server • Step 2: Connect with FTP client and initiate active mode data connection back to client • Step 3: Wait to see if connection successfully completes or not • Implemented in a program that did this automatically • Link at the end of presentation

  15. Results • So how many ports were being blocked? None!

  16. However.. • There were credible reports from Iran of connectivity problems • A pattern emerged • Affected connections are slow, very slow • The port does not matter • Destination does not matter • What matters is the protocol you’re using to communicate

  17. An experiment • We wanted to verify a theory that deep packet inspection technology was behind the censorship • The SSH protocol was chosen • Modifications were made to OpenSSH to fully encrypt the initial handshake • To avoid detection by deep packet inspection technology

  18. Result • Significant performance differences observed between normal SSH and the modified SSH • This strongly suggested that some sort of deep packet inspection technology was being used • Later, sources in Iran credibly claimed that Western technology was being used to implement state censorship policy • Packet shaping, deep packet inspection technology • Specific products cited

  19. Conclusion • By definition, deep-packet inspection, packet shaping technology is censorship technology • The introduction of a policy of service or application preference, an intentional bias • The technology is not evil • But it can be • Similarly, the export of technology to Iran is not a bad thing

  20. Thank you!

  21. Links • http://opennet.net/studies/Iran2009 • http://github.com/brl/ftpscan • http://github.com/brl/obfuscated-ssh • E-mail • bruce@netifera.com • david@netifera.com

More Related