Changes between Initial Version and Version 1 of doc/PluggableTransports/ideas


Timestamp:
Jul 12, 2016, 5:20:38 PM (17 months ago)
Author:
mrphs
Comment:

moving ideas to its own page

  • doc/PluggableTransports/ideas

== Brainstorming for new transports ==
 * Use weaknesses of censoring devices
   * [https://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol SCTP]: a protocol something like TCP and something like UDP, supported natively in current operating systems. Your OS probably supports it: `ncat --sctp -l -v` starts an SCTP listener. It may be the case that deployed firewall hardware has poor support for filtering SCTP. There is an [http://linux.die.net/man/7/sctp SCTP sockets API]; it is trivial to change a C program that uses TCP sockets into one that uses SCTP sockets in a stream-oriented fashion (without using SCTP's advanced features): just change `IPPROTO_TCP` to `IPPROTO_SCTP`. ~~Unfortunately, I did not find support for SCTP in any of: Python, Twisted, Go, libevent; so it may be necessary to write the transport using C sockets.~~ Libraries exist for [https://github.com/philpraxis/pysctp Python] ([https://pypi.python.org/pypi/pysctp/ PyPI package]) and, possibly, [https://bitbucket.org/cyberroadie/go-sctp Go]. You could prototype this transport using Ncat's SCTP support; for instance, the server plugin could be just `ncat --sctp -l <bindaddr> --sh-exec 'ncat localhost <orport>'`. The WebRTC data channel uses SCTP, so that could be a good protocol to mimic.
 * Popular services
   * Apart from mimicry-based attempts, most of these are highly unethical, as data transit is done without the provider's consent and likely in violation of the provider's terms of service.
   * Can computer games be used to tunnel network data? Many people play a lot, which means long-lived connections. Also, games sometimes implement a TCP-based control connection and a UDP-based transport connection. From the censor's point of view, messing with computer games might be undesirable, as it would upset plenty of people. Done by Castle.
   * Tunnel over Facebook chat or other chat services. See [https://github.com/matiasinsaurralde/facebook-tunnel facebook-tunnel]. It seems that some places give you access to e.g. Facebook but not the whole web.
 * Use private messaging functions of popular websites
   * Facebook (see above)
   * eBay
   * Amazon
   * PayPal
   * Google services
   * forums
   * SoundCloud
   * Twitter
 * Obfuscation of data flow (in combination with other PTs)
   * cbr: writes at a constant configurable rate and embeds payload data in the junk somehow. May be useful as a layer in a transport composition, as another way to hide a timing signature, or as a rate limiter. Doesn't have to be obfuscated, as that can be done in a different layer. Compare [http://www.cs.utexas.edu/~amir/papers/FreeWave.pdf FreeWave], which had good results with CBR VoIP channels. The rate can be made configurable through the command line or SOCKS parameters:
{{{
 ClientTransportPlugin cbr exec /usr/bin/cbr-client --rate=40k
 Bridge cbr X.X.X.X:YYYY rate=40k
}}}

 * Too hot to touch candidates (see the note regarding dead parrot attacks)
   * BGP and other routing protocols: important for the infrastructure, and even used to enforce censorship.
   * industrial, telemetry and military protocols (SCADA, LonWorks, ...): no censor wants to upset their government or investors.
   * important internet infrastructure: NTP, SQL, RADIUS, Hadoop, MongoDB
   * [[DnsPluggableTransport|DNS pluggable transport]]. Encode data in recursive DNS queries and responses. Your local recursive resolver sends your packets to the right place. A DNS bridge would be an authoritative name server for a particular domain; users would configure a domain rather than an IP address in their `Bridge` lines. Tools already exist to do DNS tunneling, for example [http://code.kryo.se/iodine/ iodine] and [http://wiki.skullsecurity.org/Dnscat dnscat]. Probably requires a reliability layer and periodic polling by the client.
 * Provide a long and relatively high-bandwidth flow to hide data in (see the note regarding dead parrot attacks)
   * Ventrilo, TeamSpeak and Mumble
   * various streaming protocols
   * RDP, RFB (VNC) and TeamViewer: possibly too hot to touch as well; nobody wants to shut down tech support.
 * Imitate legit services (see the note regarding dead parrot attacks)
   * Web server running forum software or a CMS. Data is transmitted via posts, using software of the kind usually used to spam.
   * emails
 * Data steganography (in combination with other PTs)
   * video, image and audio steganography
   * legit message steganography: make connections look like a normal conversation by using chatbots.
   * use off-the-shelf file type conversion tools to mimic valid file types
   * [https://github.com/bramcohen/DissidentX/ DissidentX]: Bram Cohen's steganography scheme. It `encodes messages in files on the web`. Worth looking at (but might not scale very well for a PT).
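The SCTP item above claims that a stream-oriented SCTP program differs from a TCP one only in the protocol number passed to `socket()`. The following is an added example illustrating that claim, not code from this page or from any SCTP library it mentions: it runs the same loopback echo over TCP and over SCTP using nothing but Python's standard `socket` module. The loopback address, the sample payload and the timeouts are choices made for this demo.

```python
"""Loopback stream echo over TCP and, where the kernel offers it, SCTP.

Added example, not code from the wiki page: a stream-mode SCTP socket is
used exactly like a TCP socket; only the third argument of socket()
changes. Host, payload and the 5-second timeouts are demo choices.
"""
import socket

# IANA protocol numbers: TCP is 6, SCTP is 132. CPython only exposes
# socket.IPPROTO_SCTP on platforms whose headers define it, hence the fallback.
PROTOCOLS = {
    "tcp": socket.IPPROTO_TCP,
    "sctp": getattr(socket, "IPPROTO_SCTP", 132),
}

# Why an SCTP attempt failed, kept for diagnosis (typically EPROTONOSUPPORT:
# the kernel has no SCTP, or the sctp module is not loaded).
LAST_ERROR = {}


def recv_exact(sock, n):
    """Read exactly n bytes; TCP and stream-mode SCTP may both return fewer
    bytes than requested from a single recv(), so loop until done."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before %d bytes arrived" % n)
        buf += chunk
    return bytes(buf)


def stream_roundtrip(proto_name, payload=b"hello over a stream socket"):
    """Listen on 127.0.0.1, connect with the same protocol, echo `payload`
    back through the server side and return what the client received.

    For "sctp" the function returns None instead of raising when the OS
    cannot provide the protocol; that is the same "does your OS support
    it?" check the page suggests doing with `ncat --sctp -l -v`.
    TCP failures are left loud, since loopback TCP is expected to work.
    """
    proto = PROTOCOLS[proto_name]
    try:
        # The only change relative to a TCP program is this third argument.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM, proto) as listener:
            listener.bind(("127.0.0.1", 0))        # port 0: kernel picks a free port
            listener.listen(1)
            port = listener.getsockname()[1]
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM, proto) as client:
                client.settimeout(5)
                client.connect(("127.0.0.1", port))
                conn, _ = listener.accept()         # handshake completed in-kernel
                with conn:
                    conn.settimeout(5)
                    client.sendall(payload)
                    conn.sendall(recv_exact(conn, len(payload)))
                    return recv_exact(client, len(payload))
    except OSError as exc:
        if proto_name == "tcp":
            raise
        # Some kernels create the SCTP socket yet refuse later calls (for
        # example inside a restricted container); report both as unsupported.
        LAST_ERROR[proto_name] = str(exc)
        return None


if __name__ == "__main__":
    for name in ("tcp", "sctp"):
        result = stream_roundtrip(name)
        if result is None:
            print("%s: not available here (%s)" % (name, LAST_ERROR.get(name)))
        else:
            print("%s: echoed %d bytes" % (name, len(result)))
```

On a host whose kernel lacks SCTP the "sctp" run reports `None` and the reason from `LAST_ERROR`; everywhere else the two runs are indistinguishable from the application's point of view, which is the page's argument for porting an existing TCP-based transport this way.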
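The "cbr" item above describes a layer that writes at a constant rate and hides payload inside junk. The following is an added example of such a layer, not the `cbr-client` the configuration fragment refers to (which does not exist on this page): fixed-size frames carry a length header, the payload and random filler, and a sender emits one frame per tick whether or not the application has anything to say. The 512-byte frame size and the reading of `--rate=40k` as 40 000 bytes per second are assumptions made for this demo.

```python
"""A constant-rate framing layer, as an added example of the "cbr" idea.

This is not the page's cbr-client; it is a stand-alone sketch. Every frame
has the same size and the sender emits one frame per tick whether or not
the application has data, so an observer sees a constant stream of
equal-sized writes with no timing signature. Frame size (512 bytes) and
the reading of "--rate=40k" as 40 000 bytes per second are assumptions;
payload bytes are not obfuscated here, that belongs in another layer.
"""
import os
import struct
import time

FRAME_SIZE = 512                 # assumed frame size in bytes
HEADER = struct.Struct("!H")     # 2-byte big-endian payload length per frame


def parse_rate(rate):
    """Turn "40k" / "1m" / 40000 into bytes per second (assumed unit)."""
    if isinstance(rate, int):
        return rate
    text = rate.strip().lower()
    multiplier = {"k": 1_000, "m": 1_000_000}.get(text[-1], 1)
    return int(text.rstrip("km")) * multiplier


def frame_interval(rate, frame_size=FRAME_SIZE):
    """Seconds between frames needed to sustain `rate` bytes per second."""
    return frame_size / parse_rate(rate)


def build_frame(chunk, frame_size=FRAME_SIZE):
    """One fixed-size frame: length header, payload, then random filler.
    An empty chunk gives a pure filler frame, which is what goes out while
    the application is idle."""
    capacity = frame_size - HEADER.size
    if len(chunk) > capacity:
        raise ValueError("chunk of %d bytes exceeds capacity %d" % (len(chunk), capacity))
    return HEADER.pack(len(chunk)) + chunk + os.urandom(capacity - len(chunk))


def encode_frames(data, frame_size=FRAME_SIZE):
    """Split `data` into as many frames as needed (at least one)."""
    capacity = frame_size - HEADER.size
    chunks = [data[i:i + capacity] for i in range(0, len(data), capacity)] or [b""]
    return [build_frame(chunk, frame_size) for chunk in chunks]


def decode_frame(frame, frame_size=FRAME_SIZE):
    """Recover the payload of one frame; the filler is discarded."""
    if len(frame) != frame_size:
        raise ValueError("expected a %d-byte frame, got %d" % (frame_size, len(frame)))
    (length,) = HEADER.unpack_from(frame)
    if length > frame_size - HEADER.size:
        raise ValueError("length field %d is larger than the frame" % length)
    return frame[HEADER.size:HEADER.size + length]


class CbrSender:
    """Buffers application writes and hands out exactly one frame per tick."""

    def __init__(self, frame_size=FRAME_SIZE):
        self.frame_size = frame_size
        self.pending = bytearray()

    def write(self, data):
        self.pending += data

    def next_frame(self):
        capacity = self.frame_size - HEADER.size
        chunk = bytes(self.pending[:capacity])
        del self.pending[:capacity]
        return build_frame(chunk, self.frame_size)


def pump(sender, sink, rate, duration):
    """Call sink(frame) on a fixed schedule for `duration` seconds and return
    the number of frames sent. Ticks are anchored to the start time so that
    sleep jitter does not accumulate into a drifting rate."""
    interval = frame_interval(rate, sender.frame_size)
    start = time.monotonic()
    sent = 0
    while True:
        now = time.monotonic()
        if now >= start + duration:
            return sent
        due = start + sent * interval
        if now < due:
            time.sleep(due - now)
        sink(sender.next_frame())
        sent += 1


if __name__ == "__main__":
    sender = CbrSender()
    sender.write(b"a few application bytes")     # constructed sample input
    sizes = []
    count = pump(sender, lambda frame: sizes.append(len(frame)), "40k", 0.05)
    print("sent %d frames, distinct sizes: %s" % (count, sorted(set(sizes))))
```

Because the frame stream is identical in size and timing whether the buffer is full or empty, the layer also acts as the rate limiter the page mentions: application data can never leave faster than one `FRAME_SIZE - 2` byte chunk per tick, and anything beyond that simply queues in `pending`.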
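The DNS pluggable transport item above says data would be encoded in recursive queries for a domain whose authoritative server is the bridge, and that the client would need to poll periodically. The following is an added example of the upstream direction, not the encoding used by iodine or dnscat: it packs bytes into a query name as base32 labels behind a sequence label, computes how much fits per query under the DNS limits (labels of at most 63 octets, names of at most 253 characters in text form), and treats an empty chunk as the poll query. The domain `t.example.org`, the hex sequence label and the base32 alphabet are choices made for this demo.

```python
"""Packing bytes into DNS query names under a tunnel domain.

Added example for the DNS pluggable transport idea; not iodine's or
dnscat's format. The client's recursive resolver forwards any query for a
name under TUNNEL_DOMAIN to that domain's authoritative server (the
bridge), so data is carried in the query name itself. The domain is a
placeholder; the limits (63-octet labels, 253-character names in text
form) come from the DNS specification.
"""
import base64

LABEL_MAX = 63
NAME_MAX = 253
TUNNEL_DOMAIN = "t.example.org"   # placeholder for the bridge's domain


def _b32(data):
    """Base32 without padding, lowercased: DNS names are case-insensitive
    and resolvers may rewrite case, so the alphabet must survive that."""
    return base64.b32encode(data).decode("ascii").rstrip("=").lower()


def _unb32(text):
    text = text.upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def build_query_name(seq, data, domain=TUNNEL_DOMAIN):
    """<seq in hex>.<data labels>.<domain>. The sequence label keeps every
    query name distinct; otherwise a caching resolver would answer a repeat
    from its cache instead of forwarding it to the bridge."""
    text = _b32(data)
    labels = [text[i:i + LABEL_MAX] for i in range(0, len(text), LABEL_MAX)]
    name = ".".join(["%x" % seq] + labels + [domain])
    if len(name) > NAME_MAX:
        raise ValueError("%d payload bytes do not fit in one query name" % len(data))
    return name


def parse_query_name(name, domain=TUNNEL_DOMAIN):
    """Inverse of build_query_name, as the bridge's name server would do it.
    Accepts any letter case and an optional trailing dot."""
    suffix = "." + domain.lower()
    name = name.lower().rstrip(".")
    if not name.endswith(suffix):
        raise ValueError("not a query for the tunnel domain: %s" % name)
    labels = name[:-len(suffix)].split(".")
    return int(labels[0], 16), _unb32("".join(labels[1:]))


def max_payload(domain=TUNNEL_DOMAIN, seq=0xFFFFFFFF):
    """Largest payload that fits in one query name for `domain`, sized for
    the longest sequence label this sketch emits (8 hex digits)."""
    n = 0
    while True:
        try:
            build_query_name(seq, bytes(n + 1), domain)
        except ValueError:
            return n
        n += 1


def chunk_stream(data, domain=TUNNEL_DOMAIN, start_seq=0):
    """Split an upstream byte stream into a list of query names. An empty
    stream still yields one name: the periodic poll the page mentions, which
    gives the bridge a query it can answer with downstream data."""
    cap = max_payload(domain)
    offsets = list(range(0, len(data), cap)) or [0]
    return [build_query_name(start_seq + i, data[o:o + cap], domain)
            for i, o in enumerate(offsets)]


if __name__ == "__main__":
    for n in chunk_stream(b"constructed upstream data " * 20):   # sample input
        print(len(n), n)
    print("max payload per query:", max_payload(), "bytes")
```

With a 13-character domain the arithmetic leaves room for 141 payload bytes per query, which is why the page expects a reliability layer and polling on top: throughput is bounded by query rate, and every downstream byte needs a client query to ride on. The names this produces are long and high-entropy, which is also what makes DNS tunnels comparatively easy to spot in resolver logs.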

== ==