Re: [tor-dev] "Seeing through Network-Protocol Obfuscation"

2015-08-22 Thread Yawning Angel
On Sat, 22 Aug 2015 14:40:08 -0700 Kevin P Dyer wrote: > Ah, gotcha. It's not RFC compliant. RFC2616 was created in 1999 and > there are tons of HTTP-like implementations since then that, > ostensibly, don't need to follow it. (e.g., an HTTP-like > client/server that only talk to each other.) A n

Re: [tor-dev] "Seeing through Network-Protocol Obfuscation"

2015-08-22 Thread Kevin P Dyer
On Sat, Aug 22, 2015 at 12:43 AM, Yawning Angel wrote: > On Fri, 21 Aug 2015 17:51:20 -0700 > Kevin P Dyer wrote: > > > On Wed, Aug 19, 2015 at 11:58 AM, Yawning Angel > > wrote: > > > > > [snip] > > > > > > The FTE semantic attack they presented isn't the easiest one I know > > > of (the GET r

Re: [tor-dev] "Seeing through Network-Protocol Obfuscation"

2015-08-22 Thread Yawning Angel
On Fri, 21 Aug 2015 17:46:39 -0700 Kevin P Dyer wrote: > > The authors suggest active probing to reduce false > > > positives, but don't mention that this doesn't work against obfs4 > > and > > > meek. > > I don't want to get too off track here, but do obfs4 and meek really > resist against ac

Re: [tor-dev] "Seeing through Network-Protocol Obfuscation"

2015-08-22 Thread Yawning Angel
On Fri, 21 Aug 2015 17:51:20 -0700 Kevin P Dyer wrote: > On Wed, Aug 19, 2015 at 11:58 AM, Yawning Angel > wrote: > > > [snip] > > > > The FTE semantic attack they presented isn't the easiest one I know > > of (the GET request as defined by the regex is pathologically > > malformed). > > > > V

Re: [tor-dev] "Seeing through Network-Protocol Obfuscation"

2015-08-21 Thread Kevin P Dyer
On Wed, Aug 19, 2015 at 11:58 AM, Yawning Angel wrote: > [snip] > > The FTE semantic attack they presented isn't the easiest one I know of > (the GET request as defined by the regex is pathologically malformed). > Very interesting! This is news to me. I'm assuming I did something silly. (Even th

Re: [tor-dev] "Seeing through Network-Protocol Obfuscation"

2015-08-21 Thread Kevin P Dyer
Hey Philipp! Thanks for the interest! I'm one of the authors on the paper. My response is inline. On Wednesday, August 19, 2015, Philipp Winter wrote: > > > > They claim that they are able to detect obfs3, obfs4, FTE, and meek > usin

Re: [tor-dev] "Seeing through Network-Protocol Obfuscation"

2015-08-19 Thread Yawning Angel
NB: quickly responding before I go to bed. On Wed, 19 Aug 2015 14:13:03 -0400 Philipp Winter wrote: > > > They claim that they are able to detect obfs3, obfs4, FTE, and meek > using entropy analysis and machine learning. Not surprised fo

[tor-dev] "Seeing through Network-Protocol Obfuscation"

2015-08-19 Thread Philipp Winter
They claim that they are able to detect obfs3, obfs4, FTE, and meek using entropy analysis and machine learning. I wonder if their dataset allows for such a conclusion. They use a (admittedly, large) set of flow traces gathered at a colle