Delivery-Date: Wed, 01 Jun 2016 02:05:44 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [138.201.14.202])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 174C71E0B49;
	Wed,  1 Jun 2016 02:05:43 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id D06CDE0EA4;
	Wed,  1 Jun 2016 06:05:37 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id DF261E0E96
 for <tor-talk@lists.torproject.org>; Wed,  1 Jun 2016 06:05:34 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id PH8BokgD1iqs for <tor-talk@lists.torproject.org>;
 Wed,  1 Jun 2016 06:05:34 +0000 (UTC)
Received: from mail-lf0-f97.google.com (mail-lf0-f97.google.com
 [209.85.215.97])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id B423FE0E44
 for <tor-talk@lists.torproject.org>; Wed,  1 Jun 2016 06:05:34 +0000 (UTC)
Received: by mail-lf0-f97.google.com with SMTP id r1so379961lfi.3
 for <tor-talk@lists.torproject.org>; Tue, 31 May 2016 23:05:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:to:from:subject:message-id:date:user-agent
 :content-transfer-encoding;
 bh=zh32q88zL3GMTIEXMevu6h7S7NLlXp4NBvMPkOV7R3E=;
 b=mZxqSJUGIO2CSnARaPkWeBf4bli90HnGuSREoGxJr5+FL02bDtCdin9Y/48n1RJtox
 V3DhgAYE5dGBrDn+Rgy79NOP+VokKyTptjC+514vxbxywThrRGl2VfK5cq1Rsac5pZgA
 A8xQipB1IUG2zzndvqpP+oI0ixtWJ0P9hL2ryCf8od6qaixET1gR0wg8Ysuy7wp1IbBl
 d55scQ9xI1ndb1BAQLn9DewBiUJImYX2LNkZxz9tog/voWOtOOQqH1FTBbSsOSpGJtgD
 bBBbisQMyJH3GwrqMP69qPNLUJnCNCDKpM8hrxMJvEQ1AuZ9t1X9wMeoTG4pUmlmnI8I
 qZEQ==
X-Gm-Message-State: ALyK8tIsExs3wDn3lNYJoLWNeKg104I2IefN0I40SGatdZebEV/JVav9wLEFLI8aEDkcWRAqIoDXsicEvmbqkL2dBkQjkHFJ
X-Received: by 10.194.80.42 with SMTP id o10mr1547394wjx.117.1464761131901;
 Tue, 31 May 2016 23:05:31 -0700 (PDT)
Received: from apps.globaleaks.org (demo.globaleaks.org. [194.150.168.64])
 by smtp-relay.gmail.com with ESMTPS id q2sm4266030wjz.3.2016.05.31.23.05.31
 for <tor-talk@lists.torproject.org>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 31 May 2016 23:05:31 -0700 (PDT)
X-Relaying-Domain: apps.globaleaks.org
To: tor-talk@lists.torproject.org
From: "Fabio Pietrosanti (naif) - lists" <lists@infosecurity.ch>
Message-ID: <a9dce332-4405-0213-b098-a12665d97dd9@infosecurity.ch>
Date: Wed, 1 Jun 2016 08:05:22 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0)
 Gecko/20100101 Thunderbird/45.1.0
Subject: [tor-talk] Ntop nDPI 1.8 with enhanced Tor protocol dissector
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Hello,

the cool ntop project (www.ntop.org) has released it's opensource DPI
(Deep Packet Inspection) engine with enhanced Tor protocol dissector and
support http://www.ntop.org/ndpi/released-ndpi-1-8/ .

They do it by looking at the hostname pattern being used in the TLS
handshake.

Community-wise, which is the best way to deal with opensource code that
facilitate high-performance detection of Tor traffic pattern (likely to
be used by who would like to profile Tor users) ?

a. Kindly ask them to re-consider releasing high-performance tools
available to detect Tor traffic?
b. Engage in a opensource-code arm-race for detection and anti-detection?
c. Does nothing?

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

