Changes between Initial Version and Version 1 of Ticket #20348, comment 80


Ignore:
Timestamp:
Dec 5, 2016, 6:02:59 PM (3 years ago)
Author:
cypherpunks
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #20348, comment 80

    initial v1  
    1 > There could be another cause: for example suppose all the DPI boxes count connections to each IP address and upload the logs to a central place, then the firewalls only apply their timing/entropy heuristics to popular destinations. It wouldn't surprise me if a firewall vendor were uploading customer connection logs in order to do data mining on them
    2 
    3 Maybe. however it's too complex for vendor that can't to code entropy estimation properly, and leaks info (customer connection logs).
    4 
    5 If to investigate rtt theory: assume they (wrongly) using every empty ack to update rtt, then:
    6 
    7 riemann 0.00319 - -
    8 ndop3 0.001634 - -
    9 non-def 0.001224 - 0.001626