Black Hat: Researcher creates Net neutrality test
The technique will eventually be offered as a free software tool
IDG News Service - A Seattle-based security researcher has devised a way to test for Net neutrality.
Dan Kaminsky will share details of this technique, which will eventually be rolled into a free software tool, today at the Black Hat USA security conference in Las Vegas. The software can tell whether computers are treating some types of TCP/IP traffic better than others -- dropping data that is being used in voice-over-IP (VoIP) calls or treating encrypted data as second-class, for example.
The U.S. Congress is presently debating whether to enact Net neutrality laws that would prevent this from happening. Net neutrality would force Internet service providers such as AT&T Inc. and Comcast Corp. to give all Internet traffic the same quality of service. Advocates of these laws say they are essential to preserving the openness that has made the Internet a success. Broadband providers say that such laws could prevent them from developing a new generation of services.
Kaminsky calls his technique "TCP-based active probing for faults." He says that the software he's developing will be similar to the Traceroute Internet utility that is used to track what path Internet traffic takes as it hops between two machines on different ends of the network.
But unlike Traceroute, Kaminsky's software will be able to make traffic appear as if it is coming from a particular carrier or is being used for a certain type of application, like VoIP. It will also be able to identify where the traffic is being dropped and could ultimately be used to finger service providers that are treating some network traffic as second-class.
At this week's Black Hat conference, Kaminsky will show how to perform a basic version of TCP-based Active Probing using currently available tools. He said in an interview yesterday that he will release his own, more sophisticated software sometime within the next six months as part of a free suite of tools called Paketto Keiretsu Version 3.
The security researcher said he is curious to see what people do with his software. "People are going to start looking [at networks] and who knows what they are going to find," he said.
Already, a handful of carriers have tried blocking certain types of Internet services. In March 2005, the Federal Communications Commission fined Madison River Communications Corp. $15,000 for blocking Vonage Holdings Corp.'s VoIP service. Since then, the FCC has changed its broadband carrier requirements, and it's unclear whether it would again issue a similar fine.
Kaminsky said he believes that Net neutrality will eventually become law and that the type of software he is developing will help keep the carriers honest. "If you're going to enforce by law that networks be neutral, the question becomes, 'How do you test for this?'" he said. "I'm going to make sure that the tools are going to be in place."
Kaminsky plans to post information on TCP-based active probing for faults at www.doxpara.com.
- IT Blogwatch Black Hat net neutrality test (and odd Google Earth uses)
- C.J. Kelly: 'Go West' -- Don't go wireless at Black Hat
- IT Blogwatch: Net neutrality: Senate sedated (and expensive dialog box)
- C.J. Kelly: I'm going to Black Hat!
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Mobile Policy Checklist
- Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Mobile Applications Case Study: 8 Billion Transactions a Day
- The story documents how the online brokerage company tradeMONSTER created a custom mobile app and the success gleaned from this initiative. Also covered...
- Who's afraid of the big (data) bad wolf? Survive the big data storm by getting ahead of integration and governance functional requirements
- This paper provides a detailed review of the best practices clients should consider before embarking on their big data integration projects.
- Understanding big data so you can act with confidence
- Automating information integration and governance and employing it at the point of data creation helps organizations boost confidence in their big data. All Government IT White Papers
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- Testimonial: Cystic Fibrosis Trust Peter Hawkins, the Head of IT for Cystic Fibrosis Trust, discusses the role CommVault's Simpana software platform plays in improving the company's information...
- PST Archiving: What is it and How is it Done? Learn more about what PST data is, the risks relating to it, and how the new PST Archiving feature in the Simpana 10...
- How to Select the Right IoT Platform We are rapidly entering a world where almost everything will be connected to the cloud and managing these connected things and leveraging the...
- All Government IT Webcasts