Net Neutrality - PowerPoint PPT Presentation

umay
net neutrality n.
Skip this Video
Loading SlideShow in 5 Seconds..
Net Neutrality PowerPoint Presentation
Download Presentation
Net Neutrality

play fullscreen
1 / 37
Download Presentation
Net Neutrality
126 Views
Download Presentation

Net Neutrality

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. A primer Net Neutrality

  2. Network Neutrality • The promise of the Internet • Means networks should be dumb • Because for once, dumb is good: • Dumb networks are necessary for open and free communication • Key to innovation • The promise of the Internet

  3. Who wouldn’t want this? • Telecom providers feel left out of the Internet economy :-( • Dear Google: We’re the reason you’re successful. Shouldn’t you pay us for all the traffic we bring you? • Internet Service Providers want to ration bandwidth by application • Create tiered access • “value-add” for the consumer • BitTorrent and MMORPGs? $$$

  4. Their needs

  5. The Internets: Not a truck

  6. How? • Traffic shaping • Deep Packet Inspection • Telecom provider buys special box • Special box peeks into your internet connections • Tries to identify applications and services using known patterns • Even encrypted protocols have identifiable patterns..

  7. Meanwhile…

  8. JUNE 2009, TEHRAN #iranelection

  9. Censorship in Iran • Between 5 and 10 million websites, according to government statements • Dissident and reformist political content • Secular viewpoints • Ba’hai faith, Kurdish movements • Sins: Pornography, drug, alcohol, gambling • Foreign media sites • Tools for circumventing filters • 9% of all Farsi blogs • Myspace, Orkut, Flickr, Bebo, Metacafe, Photobucket, Del.ic.io.us

  10. And during the 2009 election..

  11. Iran Facts • 23 million Internet users in Iran (28 million in Canada) • 35% of the Iranian population • 60,000 active Farsi blogs • 1/3 of the Iranian population is between 15 and 29 years old

  12. Circumventing Censorship • SSL encrypted proxy servers • Freegate • Tor • OpenVPN tunnels • SSH tunnels

  13. Iran blocking ports? • We needed to know if it was true that connections originating inside Iran were being blocked by port • We had no friends in Iran to help us test this • Then we had an idea..

  14. Testing Connectivity from Within Iran • Follow these steps: • Step 1: Google for publicly accessible FTP server • Step 2: Connect with FTP client and initiate active mode data connection back to client • Step 3: Wait to see if connection successfully completes or not • Implemented in a program that did this automatically • Link at the end of presentation

  15. Results • So how many ports were being blocked? None!

  16. However.. • There were credible reports from Iran of connectivity problems • A pattern emerged • Affected connections are slow, very slow • The port does not matter • Destination does not matter • What matters is the protocol you’re using to communicate

  17. An experiment • We wanted to verify a theory that deep packet inspection technology was behind the censorship • The SSH protocol was chosen • Modifications were made to OpenSSH to fully encrypt the initial handshake • To avoid detection by deep packet inspection technology

  18. Result • Significant performance differences observed between normal SSH and the modified SSH • This strongly suggested that some sort of deep packet inspection technology was being used • Later, sources in Iran credibly claimed that Western technology was being used to implement state censorship policy • Packet shaping, deep packet inspection technology • Specific products cited

  19. Conclusion • By definition, deep-packet inspection, packet shaping technology is censorship technology • The introduction of a policy of service or application preference, an intentional bias • The technology is not evil • But it can be • Similarly, the export of technology to Iran is not a bad thing

  20. Thank you!

  21. Links • http://opennet.net/studies/Iran2009 • http://github.com/brl/ftpscan • http://github.com/brl/obfuscated-ssh • E-mail • bruce@netifera.com • david@netifera.com