Changes between Version 1 and Version 2 of Ticket #20348, comment 80


Timestamp: Jan 21, 2017, 6:04:16 PM (2 years ago)
Author: dcf
  • Ticket #20348, comment 80

    > There could be another cause: for example suppose all the DPI boxes count connections to each IP address and upload the logs to a central place, then the firewalls only apply their timing/entropy heuristics to popular destinations. It wouldn't surprise me if a firewall vendor were uploading customer connection logs in order to do data mining on them

    Maybe. However, it's too complex for a vendor that can't code entropy estimation properly, and it leaks info (customer connection logs).

    To investigate the RTT theory: assume they are (wrongly) using every empty ACK to update the RTT, then:

    riemann  0.00319   -  -
    ndop3    0.001634  -  -
    non-def  0.001224  -  0.001626