[LINK] EFF "Switzerland" packet monitor tool looks for ISP meddling

Roger Clarke Roger.Clarke at xamax.com.au
Sun Aug 3 15:36:23 AEST 2008


[A tool developed by Australian Peter Eckersley for EFF, and us:
http://www.cs.mu.oz.au/~pde/bio/index.html
http://www.eff.org/about/staff/peter-eckersley


EFF "Switzerland" packet monitor tool looks for ISP meddling
By Nate Anderson | Published: August 01, 2008 - 12:55PM CT
http://arstechnica.com/news.ars/post/20080801-eff-switzerland-packet-monitor-tool-looks-for-isp-meddling.html

In recent years, ISPs have taken an increased interest in faking 
packets, and for some mysterious reason, they don't always like to 
make this fact perfectly clear to customers. Hoping to bring power to 
the people, the Electronic Frontier Foundation (EFF) yesterday 
released a tool called "Switzerland" that can help users find out if 
an ISP is modifying packets or injecting packets of its own into any 
protocol. The tool is open source and available now for download, but 
there's a reason that EFF refers to the current release as "Version 
Zero."

The software, designed to see if an ISP is delivering packets 
"neutrally" (hence the Switzerland reference), has undergone in-house 
development for some time. EFF Staff Technologist Peter Eckersley 
coded the initial version, which has now been opened up and made 
available on SourceForge. Enterprising network hackers (and GUI 
experts) are needed to continue development of version 0.0.4.

[See http://www.eff.org/testyourisp/switzerland ]

The app, coded in Python, runs on Linux, OS X, and Windows, but 
currently operates only in a command-line version that can take a 
fair bit of technical skill to install (the backup installation 
instructions involve a compiler). Once running, the software uses a 
"semi-P2P, server-and-many-clients architecture" to monitor all 
packets sent from the clients to the server; if any are altered in 
transit or appear at the server without being sent from the client, 
the software alerts the user that packets are being modified or 
injected somewhere between the two machines.

The software is protocol agnostic, which means that it can be used to 
find both the TCP reset packets that Comcast has used to limit 
BitTorrent uploading and the code injected by NebuAd's ISP-based 
ad-serving system. Development was inspired by the Comcast case, and 
the software was fittingly announced the day before the FCC vote that 
brought the matter to a close.

"Until now, there hasn't been a reliable way to tell if somebody -- a 
hacker, an ISP, corporate firewall, or the Great Firewall of China -- is 
modifying your Internet traffic en route," said Eckersley in a 
statement. "The few tests available have been for narrow and specific 
kinds of interference, or have required tremendous amounts of 
advanced forensic labor. Switzerland is designed to make 
general-purpose ISP testing faster and easier."

It's not there yet, but the EFF hopes that one day, Switzerland will 
pump copious amounts of data into its "Test Your ISP Project." The 
project gathers white papers, test results, and network testing 
software into a single repository so that users can find out exactly 
what ISPs are doing with their packets. While companies like Comcast 
have already pledged to be better about disclosure, the EFF is a fan of 
the "trust... but verify" approach.

"At a minimum, consumers deserve a complete description of what they 
are getting when they buy 'unlimited Internet access' from an ISP," 
says the Test Your ISP project page. "Only if they know what is going 
on and who is to blame for deliberate interference can consumers make 
informed choices about which ISP to prefer (to the extent they have 
choices among residential broadband providers) or what 
counter-measures they might employ."

If the FCC lacks the resources to proactively examine ISP network 
management, and ISPs themselves aren't always up for full disclosure, 
tools like Switzerland should let consumers know what to expect from 
an ISP. Finding a better one, though, may be more difficult.


-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
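
An added sketch (not from the article and not Switzerland's own code) of the comparison the article describes: each end fingerprints its packets, and the two lists are compared to spot modified, injected or dropped packets. It assumes IPv4 with no NAT between the two ends and that only the TTL and header checksum legitimately change in transit; all function names and sample packets are constructed.

```python
import hashlib
import struct

def make_packet(src, dst, ip_id, ttl, payload):
    """Build a minimal IPv4 packet, protocol 6 (constructed sample data)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id,
                         0, ttl, 6, 0, bytes(src), bytes(dst))
    return header + payload

def fingerprint(packet):
    """Hash a packet with the hop-mutable fields zeroed."""
    masked = bytearray(packet)
    masked[8] = 0                 # TTL: decremented by every router
    masked[10:12] = b"\x00\x00"   # header checksum: recomputed with the TTL
    return hashlib.sha256(bytes(masked)).hexdigest()

def packet_key(packet):
    """Payload-independent identity: source, destination, IP ID."""
    return packet[12:16], packet[16:20], packet[4:6]

def compare(sent, received):
    """Classify differences between one end's sent list and the other's capture."""
    sent_fp = {fingerprint(p) for p in sent}
    recv_fp = {fingerprint(p) for p in received}
    missing = {packet_key(p) for p in sent if fingerprint(p) not in recv_fp}
    unexpected = {packet_key(p) for p in received if fingerprint(p) not in sent_fp}
    modified = missing & unexpected   # same packet identity, different bytes
    return {"modified": len(modified),
            "injected": len(unexpected - modified),
            "dropped": len(missing - modified)}

def demo():
    a, b = (10, 0, 0, 1), (10, 0, 0, 2)   # constructed addresses
    sent = [make_packet(a, b, 1, 64, b"hello"),
            make_packet(a, b, 2, 64, b"<html>page</html>"),
            make_packet(a, b, 3, 64, b"more data")]
    received = [make_packet(a, b, 1, 57, b"hello"),                   # only TTL differs
                make_packet(a, b, 2, 57, b"<html>page<ad/></html>"),  # altered in transit
                make_packet(a, b, 900, 60, b"forged")]                # never sent by a
    return compare(sent, received)

if __name__ == "__main__":
    print(demo())
```

Masking the TTL and checksum before hashing is what keeps ordinary routing from being reported as tampering; a packet counts as modified only when its identity matches a sent packet but its fingerprint does not.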


