IP Blocking
IP Blocking is one of the most basic methods for censorship, as it simply prevents all packets going to or from targeted IP addresses.
But while these sorts of operations are relatively simple to execute, they don't tackle the problem of individual communications between users, especially if the users have set up multi-hop circuits that use multiple servers to create a proxy ring.
Traffic Classification (QoS)
This is a much more sophisticated method of blocking traffic than IP blocking, as one can halt any file sent through a certain type of protocol, such as FTP. Because we know that FTP transfers are most often sent through TCP port 21, they can simply limit the bandwidth available on that port and throttle transfers. "it is not too resource intensive and is fairly easy to set up."
Shallow Packet Inspection
Shallow packet inspection is basically a blunter, broader version of the deep packet inspection (DPI) technique that is used to block packets based on their content. But unlike DPI, which intercepts packets and inspects their fingerprints, headers and payloads, shallow packet inspection makes broad generalities about traffic based solely on checking out the packet header.
"Shallow packet inspection is more judging a book by its cover. If a packet says that it's SSL (Secure Sockets Layer) in the header, then a shallow packet inspector takes it at face value."
Packet Fingerprinting
This is a slightly more refined method of throttling packets than shallow packet inspection, as it looks not only at the packet header but at its length, frequency of transmission and other characteristics to make a rough determination of its content.
"A lot of things don't explicitly say what they are. For example, a lot of VPN traffic is indistinguishable from SSH traffic, which means that it would be throttled if SSH was,". "But what if businesses relied on VPN connections? You'd move the system to fingerprinting, where the two are easily distinguishable."
Deep Packet Inspection / Packet Content Filtering
DPI is the most refined method for blocking Internet traffic. As mentioned above, deep packet inspectors examine not only a packet's header but also its payload. This gives the ability to filter packets at a more surgical level than any of the other techniques discussed so far.
"Viewing a packet's contents doesn't tell you much on its own, especially if it's encrypted," . "But combining it with the knowledge gained from fingerprinting and shallow packet inspection, it is usually more than enough to figure out what sort of traffic you're looking at."
No comments:
Post a Comment