[LINK] EFF "Switzerland" packet monitor tool looks for ISP meddling
Roger Clarke
Roger.Clarke at xamax.com.au
Sun Aug 3 15:36:23 AEST 2008
[A tool developed by Australian Peter Eckersley for EFF, and us:
http://www.cs.mu.oz.au/~pde/bio/index.html
http://www.eff.org/about/staff/peter-eckersley
EFF "Switzerland" packet monitor tool looks for ISP meddling
By Nate Anderson | Published: August 01, 2008 - 12:55PM CT
http://arstechnica.com/news.ars/post/20080801-eff-switzerland-packet-monitor-tool-looks-for-isp-meddling.html
In recent years, ISPs have taken an increased interest in faking
packets, and for some mysterious reason, they don't always like to
make this fact perfectly clear to customers. Hoping to bring power to
the people, the Electronic Frontier Foundation (EFF) yesterday
released a tool called "Switzerland" that can help users find out if
an ISP is modifying packets or injecting packets of its own into any
protocol. The tool is open source and available now for download, but
there's a reason that EFF refers to the current release as "Version
Zero."
The software, designed to see if an ISP is delivering packets
"neutrally" (hence the Switzerland reference), has undergone in-house
development for some time. EFF Staff Technologist Peter Eckersley
coded the initial version, which has now been opened up and made
available on SourceForge. Enterprising network hackers (and GUI
experts) are needed to continue development of version 0.0.4.
[See http://www.eff.org/testyourisp/switzerland ]
The app, coded in Python, runs on Linux, OS X, and Windows, but
currently operates only in a command-line version that can take a
fair bit of technical skill to install (the backup installation
instructions involve a compiler). Once running, the software uses a
"semi-P2P, server-and-many-clients architecture" to monitor all
packets sent from the clients to the server; if any are altered in
transit or appear at the server without being sent from the client,
the software alerts the user that packets are being modified or
injected somewhere between the two machines.
The software is protocol agnostic, which means that it can be used to
find both the TCP reset packets that Comcast has used to limit
BitTorrent uploading and the code injected by NebuAd's ISP-based
ad-serving system. Development was inspired by the Comcast case, and
the software was fittingly announced the day before the FCC vote that
brought the matter to a close.
"Until now, there hasn't been a reliable way to tell if somebody-a
hacker, an ISP, corporate firewall, or the Great Firewall of China-is
modifying your Internet traffic en route," said Eckersley in a
statement. "The few tests available have been for narrow and specific
kinds of interference, or have required tremendous amounts of
advanced forensic labor. Switzerland is designed to make
general-purpose ISP testing faster and easier."
It's not there yet, but the EFF hopes that one day, Switzerland will
pump copious amounts of data into its "Test Your ISP Project." The
project gathers white papers, test results, and network testing
software into a single repository so that users can find out exactly
what ISPs are doing with their packets. While companies like Comcast
have already pledged to be better about disclosure, the EFF is fan of
the "trust... but verify" approach.
"At a minimum, consumers deserve a complete description of what they
are getting when they buy 'unlimited Internet access' from an ISP,"
says the Test Your ISP project page. "Only if they know what is going
on and who is to blame for deliberate interference can consumers make
informed choices about which ISP to prefer (to the extent they have
choices among residential broadband providers) or what
counter-measures they might employ."
If the FCC lacks the resources to proactively examine ISP network
management, and ISPs themselves aren't always up for full disclosure,
tools like Switzerland should let consumers know what to expect from
an ISP. Finding a better one, though, may be more difficult.
--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
More information about the Link
mailing list