Re: Hiding NATs with PF
From: Daniel Hartmeier (daniel_at_benzedrine.cx)
Date: 09/29/05
Date: 29 Sep 2005 04:25:42 GMT
On 28 Sep 2005 09:52:29 -0700, tedu wrote:
> Does synproxy create a new packet or just tweak the IP of the original?

Good point. It does create a new one. But the handshake isn't the only
evidence to detect different stacks. I guess it depends on how clever
the ISP is.

They might not even look at TCP fingerprints, but do simple traffic
analysis. Like, two nearly concurrent requests from Windows boxen to
their update service, two applications checking for updates at a
higher rate than expected from a single client, two parallel requests
to Google, etc.

Daniel
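
An added illustration, not part of the message above or of the thread: a minimal sketch of the update-service traffic analysis it describes, as an observer might run it over per-subscriber request logs. The log records, hostname, polling interval and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (unix_time, subscriber_ip, destination_host).
# Addresses come from a documentation range; the hostname is a placeholder.
SAMPLE_LOG = [
    (1000, "203.0.113.5", "update.example.net"),
    (1002, "203.0.113.5", "update.example.net"),  # second check 2 s later
    (4600, "203.0.113.5", "update.example.net"),
    (4603, "203.0.113.5", "update.example.net"),
    (1000, "203.0.113.9", "update.example.net"),
    (4600, "203.0.113.9", "update.example.net"),
    (8200, "203.0.113.9", "update.example.net"),
]

# Assumption: a single client polls each listed service once per interval (s).
PERIODIC_SERVICES = {"update.example.net": 3600}
CONCURRENCY_WINDOW = 5  # seconds; assumed meaning of "nearly concurrent"


def score_subscribers(log, services=PERIODIC_SERVICES, window=CONCURRENCY_WINDOW):
    """Return {ip: {"concurrent_pairs": n, "rate_ratio": r}} per subscriber."""
    stamps_by_key = defaultdict(list)
    for ts, src, host in log:
        if host in services:  # only services with a known polling period
            stamps_by_key[(src, host)].append(ts)
    scores = defaultdict(lambda: {"concurrent_pairs": 0, "rate_ratio": 0.0})
    for (src, host), stamps in stamps_by_key.items():
        stamps.sort()
        # Signal 1: back-to-back checks closer together than one client makes.
        pairs = sum(1 for a, b in zip(stamps, stamps[1:]) if b - a <= window)
        # Signal 2: observed checks versus what one client would have sent.
        expected = (stamps[-1] - stamps[0] + services[host]) / services[host]
        ratio = len(stamps) / expected
        scores[src]["concurrent_pairs"] += pairs
        scores[src]["rate_ratio"] = max(scores[src]["rate_ratio"], ratio)
    return dict(scores)


def likely_multiple_hosts(log, min_pairs=1, min_ratio=1.5):
    """Subscriber addresses where both signals exceed the assumed thresholds."""
    return sorted(ip for ip, s in score_subscribers(log).items()
                  if s["concurrent_pairs"] >= min_pairs
                  and s["rate_ratio"] >= min_ratio)


if __name__ == "__main__":
    print(likely_multiple_hosts(SAMPLE_LOG))
```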