Changes between Initial Version and Version 1 of Ticket #20348, comment 91


Ignore:
Timestamp:
Dec 5, 2016, 6:01:24 PM (2 years ago)
Author:
cypherpunks
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #20348, comment 91

    initial v1  
    1 > There could be another cause: for example suppose all the DPI boxes count connections to each IP address and upload the logs to a central place, then the firewalls only apply their timing/entropy heuristics to popular destinations. It wouldn't surprise me if a firewall vendor were uploading customer connection logs in order to do data mining on them.
    2 
    3 They no need to send it to central place, box can to count connections locally to skip all new addr:port. But then why need to count entropy every time for already known addr:port? Why so complex?