Bypassing Deep Packet Inspection: Tunneling Traffic Over TLS VPN

In some countries, network operators employ deep packet inspection techniques to block certain types of traffic. For example, Virtual Private Network (VPN) traffic can be analyzed and blocked to prevent users from sending encrypted packets over such networks.

By observing that HTTPS works all over the world (it is configured for an extremely large number of web servers) and cannot be easily analyzed (the payload is usually encrypted), we argue that VPN tunneling can be organized in the same manner. By masquerading the VPN traffic with TLS or its older version, SSL, we can build a reliable and secure network. Packets sent over such tunnels can cross multiple domains which have various strict and not-so-strict security policies. Although SSH can potentially be used to build such a network, we have evidence that in certain countries connections made over such tunnels are analyzed statistically: if the network utilization by such tunnels is high, bursts do exist, or connections are long-living, then the underlying TCP connections are reset by network operators.

