Thwarting NSA Traffic Analysis

Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.

29 September 2008

Anonymous sends:
Please note the following, current as of 1700hrs GMT 29Sep2008:
The following concerns security measures can be used to thwart NSA's TCP/IP traffic analysis program.
The program has a primary focus on traffic analysis of WAN Asynchronous Transfer Mode (ATM) cell header and payload data at those IXPs globally that employ Cisco Systems routing equipment.
Concerned persons should implement the following:
(1) If possible, ensure that your network routing equipment's ATM switched virtual connections and permanent virtual connections are disabled; AND
(2) Tunnel your TCP/IP connections over a new SSH2 session for each and every new WAN TCP/IP routed connection (for EVERY transmission to any WAN address); AND
(3) Create transmission latency for each of your new WAN SSH2-enabled TCP/IP routed connections through a modified SSH login command such as:
ssh -N -L 6000:localhost:4000 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
Note that localhost is on port 6000 and remote web host proxy is on port 4000; username is User (if using SSH user authentication); and remote SSH server IP is 1.2.3.4; transmission latency is created with multiples of -l User 1.2.3.4.
More to follow on creating transmission latency when using remote port forwarding through OpenVPN.
If your server traffic is a specific collection target of NSA/Level3 Communications Regional Security Center (NSA/CSS Georgia) at Fort Gordon Georgia USA or of one of NSA's non-US affiliates, flagging of sniffed IXP traffic for subsequent analysis can only be triggered by your server's SECOND or subsequent routing connection to one or more WAN addresses.
Perhaps surprisingly, if your server's traffic is a collection target, your users' use of the above SSH transmission latency will also actually increase users' upload and download speeds during SSH2 sessions.