Presentation is loading. Please wait.

Presentation is loading. Please wait.

NET NEUTRALITY A primer. Network Neutrality The promise of the Internet Means networks should be dumb Because for once, dumb is good: – Dumb networks.

Published byPauline McDowell Modified over 8 years ago

Similar presentations

Presentation on theme: "NET NEUTRALITY A primer. Network Neutrality The promise of the Internet Means networks should be dumb Because for once, dumb is good: – Dumb networks."— Presentation transcript:

1 NET NEUTRALITY A primer

2 Network Neutrality The promise of the Internet Means networks should be dumb Because for once, dumb is good: – Dumb networks are necessary for open and free communication – Key to innovation – The promise of the Internet

3 Who wouldn’t want this? Telecom providers feel left out of the Internet economy :-( – Dear Google: We’re the reason you’re successful. Shouldn’t you pay us for all the traffic we bring you? Internet Service Providers want to ration bandwidth by application Create tiered access – “value-add” for the consumer – BitTorrent and MMORPGs? $$$

4 Their needs

5

6 The Internets: Not a truck

7 How? Traffic shaping Deep Packet Inspection – Telecom provider buys special box – Special box peeks into your internet connections – Tries to identify applications and services using known patterns – Even encrypted protocols have identifiable patterns..

8

9

10 Meanwhile…

11

12

13

14

15

16

17

18

19

20

21

22 #iranelection JUNE 2009, TEHRAN

23 Censorship in Iran Between 5 and 10 million websites, according to government statements – Dissident and reformist political content – Secular viewpoints – Ba’hai faith, Kurdish movements – Sins: Pornography, drug, alcohol, gambling – Foreign media sites – Tools for circumventing filters – 9% of all Farsi blogs – Myspace, Orkut, Flickr, Bebo, Metacafe, Photobucket, Del.ic.io.us

24 And during the 2009 election..

25 Iran Facts 23 million Internet users in Iran (28 million in Canada) 35% of the Iranian population 60,000 active Farsi blogs 1/3 of the Iranian population is between 15 and 29 years old

26 Circumventing Censorship SSL encrypted proxy servers Freegate Tor OpenVPN tunnels SSH tunnels

27

28 Iran blocking ports? We needed to know if it was true that connections originating inside Iran were being blocked by port We had no friends in Iran to help us test this Then we had an idea..

29

30 Testing Connectivity from Within Iran Follow these steps: – Step 1: Google for publicly accessible FTP server – Step 2: Connect with FTP client and initiate active mode data connection back to client – Step 3: Wait to see if connection successfully completes or not Implemented in a program that did this automatically – Link at the end of presentation

31 Results So how many ports were being blocked? None!

32 However.. There were credible reports from Iran of connectivity problems A pattern emerged – Affected connections are slow, very slow – The port does not matter – Destination does not matter – What matters is the protocol you’re using to communicate

33 An experiment We wanted to verify a theory that deep packet inspection technology was behind the censorship The SSH protocol was chosen Modifications were made to OpenSSH to fully encrypt the initial handshake – To avoid detection by deep packet inspection technology

34 Result Significant performance differences observed between normal SSH and the modified SSH – This strongly suggested that some sort of deep packet inspection technology was being used Later, sources in Iran credibly claimed that Western technology was being used to implement state censorship policy – Packet shaping, deep packet inspection technology – Specific products cited

35 Conclusion By definition, deep-packet inspection, packet shaping technology is censorship technology The introduction of a policy of service or application preference, an intentional bias The technology is not evil – But it can be Similarly, the export of technology to Iran is not a bad thing

36 Thank you!

37 Links http://opennet.net/studies/Iran2009 http://github.com/brl/ftpscan http://github.com/brl/obfuscated-ssh E-mail – bruce@netifera.com – david@netifera.com

Download ppt "NET NEUTRALITY A primer. Network Neutrality The promise of the Internet Means networks should be dumb Because for once, dumb is good: – Dumb networks."

Similar presentations

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.
Denial of Service Attack History What is a Denial of Service Attack? Modes of Attack Performing a Denial of Service Attack Distributed Denial of Service.

Denial of Service Attack History What is a Denial of Service Attack? Modes of Attack Performing a Denial of Service Attack Distributed Denial of Service.
Web Filtering and Deep Packet Inspection Artyom Churilin Tallinn University of Technology 2011.

Web Filtering and Deep Packet Inspection Artyom Churilin Tallinn University of Technology 2011.
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.

VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.
Final Presentation Topics 1) Firewalls 1) Firewalls 2) Virtual Private Networks 2) Virtual Private Networks 3) Secure Socket Layer 3) Secure Socket Layer.

Final Presentation Topics 1) Firewalls 1) Firewalls 2) Virtual Private Networks 2) Virtual Private Networks 3) Secure Socket Layer 3) Secure Socket Layer.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Authored by: Rachit Rastogi Computer Science & Engineering Deptt., College of Technology, G.B.P.U.A. & T., Pantnagar.

Authored by: Rachit Rastogi Computer Science & Engineering Deptt., College of Technology, G.B.P.U.A. & T., Pantnagar.
Myspace.com What you need to know. What is it?  My Space in theory is a social networking site that allows users to share photos, videos, and text based.

Myspace.com What you need to know. What is it?  My Space in theory is a social networking site that allows users to share photos, videos, and text based.
Introduction to ISA 2004 Dana Epp Microsoft Security MVP.

Introduction to ISA 2004 Dana Epp Microsoft Security MVP.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.

 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Anonymity on the Internet Jess Wilson. Anonymizing Proxy What is a proxy? – An intermediary between you and the internet How does it make you anonymous?

Anonymity on the Internet Jess Wilson. Anonymizing Proxy What is a proxy? – An intermediary between you and the internet How does it make you anonymous?
Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.

Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.
Network Neutrality Professor: Robert J. Irwin Computer Science 101 Spring Semester 2007 Describe The Concept: Brandon Niezgoda, class of 2010 Arguments.

Network Neutrality Professor: Robert J. Irwin Computer Science 101 Spring Semester 2007 Describe The Concept: Brandon Niezgoda, class of 2010 Arguments.
Net Neutrality COMP 380 Presentation Alex Cook Prince Yabani.

Net Neutrality COMP 380 Presentation Alex Cook Prince Yabani.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Similar presentations

Ads by Google