On 01/06/14 01:19, Bill Stewart wrote:
At 10:15 AM 5/31/2014, davidroman96 wrote:
We know that the source IPs are generally dropped; this is the only problem that we have. But if multiple hosts can use the same IP, how can the connection be traced? Only the ISP has the information; the receiver doesn't know anything apart from the content of the packet.
That's part of the problem - the receiver doesn't know anything, even the contents of the packet, because any good ISP will drop the packets instead of allowing the sender to send them. If you can find a collection of bad ISPs who can send forged-source packets to each other across the public Internet, maybe you have some chance, but that kind of bad ISP is also a target for spy agencies and for criminals.
Normally, UDP is fine, but it isn't TCP. A popular thing for UDP applications to do is to reinvent TCP badly. If you need to do TCP things, and only have UDP for some reason, you can reinvent most of TCP well, but only if you understand it well. The UDP versions of Bittorrent, for instance, were written by people who not only understood TCP and UDP well, but experimented a lot with scale.
A very good ISP will not only drop forged-source packets, they'll hunt down the sender and kill it. Somebody mentioned Netflow - many large ISPs record that level of information, with the source and destination IP addresses, port numbers, protocol, and router information, and sometimes also link-layer addresses if the link layer uses them. If you sent a packet from 192.9.200.1, your ISP will probably drop it at the originating router, and will log an error message that says it dropped that on your access line, and if it sees a lot of them, they'll go check out why. If you use a small ISP that doesn't bother checking for forged source addresses, they'll be using a larger ISP for long-haul connections that will notice.
We know that the ISPs have 100% of the information, but the idea was to give less information to the receiver. Still, I couldn't find any transparent ISP; it seems that all ISPs are trolls xD, maybe pirateISP are more transparent?...
On 2014-05-31 18:39, davidroman96 wrote:
On 01/06/14 01:19, Bill Stewart wrote:
At 10:15 AM 5/31/2014, davidroman96 wrote:
We know that the source IPs are generally dropped; this is the only problem that we have. But if multiple hosts can use the same IP, how can the connection be traced? Only the ISP has the information; the receiver doesn't know anything apart from the content of the packet.
That's part of the problem - the receiver doesn't know anything, even the contents of the packet, because any good ISP will drop the packets instead of allowing the sender to send them. If you can find a collection of bad ISPs who can send forged-source packets to each other across the public Internet, maybe you have some chance, but that kind of bad ISP is also a target for spy agencies and for criminals.
Normally, UDP is fine, but it isn't TCP. A popular thing for UDP applications to do is to reinvent TCP badly. If you need to do TCP things, and only have UDP for some reason, you can reinvent most of TCP well, but only if you understand it well. The UDP versions of Bittorrent, for instance, were written by people who not only understood TCP and UDP well, but experimented a lot with scale.
A very good ISP will not only drop forged-source packets, they'll hunt down the sender and kill it. Somebody mentioned Netflow - many large ISPs record that level of information, with the source and destination IP addresses, port numbers, protocol, and router information, and sometimes also link-layer addresses if the link layer uses them. If you sent a packet from 192.9.200.1, your ISP will probably drop it at the originating router, and will log an error message that says it dropped that on your access line, and if it sees a lot of them, they'll go check out why. If you use a small ISP that doesn't bother checking for forged source addresses, they'll be using a larger ISP for long-haul connections that will notice.
We know that the ISPs have 100% of the information, but the idea was to give less information to the receiver. Still, I couldn't find any transparent ISP; it seems that all ISPs are trolls xD, maybe pirateISP are more transparent?...
But, doesn't the above mean that the receiver won't ever get your email because the packets will be dropped before they get to him?
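Added example (not part of the original thread): a sketch of the source-address check Bill Stewart describes, where the originating router drops packets whose source is not assigned to the access line they arrive on, logs the drop, and flags a line that produces many of them. The prefixes, line names, flow records and threshold are constructed for illustration; only 192.9.200.1 comes from the thread.

```python
import ipaddress
from collections import Counter

# Constructed: prefixes the ISP has assigned to each customer access line.
ASSIGNED = {
    "line-A": [ipaddress.ip_network("198.51.100.0/29")],
    "line-B": [ipaddress.ip_network("203.0.113.64/28")],
}

# Constructed NetFlow-style records: (access line, src, dst, proto, dst port).
FLOWS = [
    ("line-A", "198.51.100.2", "203.0.113.70", "udp", 53),   # legitimate
    ("line-A", "192.9.200.1",  "203.0.113.70", "udp", 53),   # forged source
    ("line-A", "192.9.200.1",  "203.0.113.70", "udp", 123),  # forged source
    ("line-A", "10.0.0.5",     "203.0.113.70", "udp", 53),   # forged source
    ("line-B", "203.0.113.70", "198.51.100.2", "tcp", 443),  # legitimate
    ("line-B", "198.51.100.2", "192.0.2.9",    "udp", 53),   # line-A's address
]

ALERT_THRESHOLD = 3  # assumed: drops per line before someone investigates


def source_is_valid(line, src):
    """True only if src lies in a prefix assigned to this access line."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # a malformed address is never forwarded
    return any(addr in net for net in ASSIGNED.get(line, []))


def filter_flows(flows):
    """Split flows into those forwarded and those dropped at the edge."""
    forwarded, dropped = [], []
    for flow in flows:
        ok = source_is_valid(flow[0], flow[1])
        (forwarded if ok else dropped).append(flow)
    return forwarded, dropped


def lines_to_investigate(dropped, threshold=ALERT_THRESHOLD):
    """Access lines whose drop count reached the alert threshold."""
    counts = Counter(flow[0] for flow in dropped)
    return sorted(line for line, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    forwarded, dropped = filter_flows(FLOWS)
    for line, src, dst, proto, port in dropped:
        print(f"DROP {line}: src {src} not assigned ({proto} -> {dst}:{port})")
    print("investigate:", lines_to_investigate(dropped))
```

The last record shows that an address valid on one line is still dropped when it arrives on another, so the receiver never sees any of the forged packets.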
On 01/06/14 03:19, Juan wrote:
We know that the ISPs have 100% of the information,
The ISPs are just branches of the government, so what's the point?
To make espionage difficult and to try to improve anonymity. Without open and transparent organisms (ISPs, governments, etc.), real privacy and anonymity are impossible.
On 01/06/14 at 10:39am, davidroman96 wrote:
To make espionage difficult and to try to improve anonymity. Without open and transparent organisms (ISPs, governments, etc.), real privacy and anonymity are impossible.
You are still ignoring my advice to read something about DC nets. Unfortunately, you are so committed to your opinions, even when facing a blocking problem (like ISP-blocking your spoofed traffic), that it is nearly impossible to "guide" you. Even in real life, your approach is totally broken; you should stand on the shoulders of giants and, if you can, add little pieces to the well-known state of the art.
So, instead of writing / inventing / making an anonymous system from scratch, go use [1] and study it. From its webpage:
Dissent builds on dining cryptographers and verifiable shuffle algorithms to offer provable anonymity guarantees, even in the face of traffic analysis attacks, of the kinds likely to be feasible for authoritarian governments and their state-controlled ISPs for example.
Dissent seeks to offer accountable anonymity, giving users strong guarantees of anonymity while also protecting online groups or forums from anonymous abuse such as spam, Sybil attacks, and sockpuppetry. Unlike other systems, Dissent can guarantee that each user of an online forum gets exactly one bandwidth share, one vote, or one pseudonym, which other users can block in the event of misbehavior.
In your previous email, you clearly don't know what you're talking about.
Disclaimer: I'm not frustrated, thwarted or something like this, I'm only trying to help you in the only way I know.
[1] http://dedis.cs.yale.edu/dissent/
On 01/06/14 11:14, danimoth wrote:
On 01/06/14 at 10:39am, davidroman96 wrote:
To make espionage difficult and to try to improve anonymity. Without open and transparent organisms (ISPs, governments, etc.), real privacy and anonymity are impossible.
You are still ignoring my advice to read something about DC nets. Unfortunately, you are so committed to your opinions, even when facing a blocking problem (like ISP-blocking your spoofed traffic), that it is nearly impossible to "guide" you. Even in real life, your approach is totally broken; you should stand on the shoulders of giants and, if you can, add little pieces to the well-known state of the art.
So, instead of writing / inventing / making an anonymous system from scratch, go use [1] and study it. From its webpage:
Dissent builds on dining cryptographers and verifiable shuffle algorithms to offer provable anonymity guarantees, even in the face of traffic analysis attacks, of the kinds likely to be feasible for authoritarian governments and their state-controlled ISPs for example.
Dissent seeks to offer accountable anonymity, giving users strong guarantees of anonymity while also protecting online groups or forums from anonymous abuse such as spam, Sybil attacks, and sockpuppetry. Unlike other systems, Dissent can guarantee that each user of an online forum gets exactly one bandwidth share, one vote, or one pseudonym, which other users can block in the event of misbehavior.
In your previous email, you clearly don't know what you're talking about.
Disclaimer: I'm not frustrated, thwarted or something like this, I'm only trying to help you in the only way I know.
Our idea is not to build a perfect program; it is to build a program to accomplish one goal and improve it as we learn more (in deep cryptography we are newbies) to make it more useful (and publish it when / if we get to a reasonable level), but the first step is to present the idea to be criticized, I think. We will learn more about cryptography and alternative nets (like DC nets), thanks to all.
participants (4)
- Cypher
- danimoth
- davidroman96
- Juan