Anonymous sends:
Please note the following, current as of 1700hrs GMT 29Sep2008:
The following concerns security measures that can be used to thwart NSA's TCP/IP
traffic analysis program.
The program has a primary focus on traffic analysis of WAN Asynchronous Transfer
Mode (ATM) cell header and payload data at those IXPs globally that employ
Cisco Systems routing equipment.
Concerned persons should implement the following:
(1) If possible, ensure that your network routing equipment's ATM switched
virtual connections and permanent virtual connections are disabled; AND
(2) Tunnel your TCP/IP connections over a new SSH2 session for each and every
new WAN TCP/IP routed connection (for EVERY transmission to any WAN address);
AND
(3) Create transmission latency for each of your new WAN SSH2-enabled TCP/IP
routed connections through a modified SSH login command such as:
ssh -N -L 6000:localhost:4000 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
-l User 1.2.3.4 -l User 1.2.3.4 -l User 1.2.3.4
Note that localhost is on port 6000 and the remote web host proxy is on port
4000; the username is User (if using SSH user authentication); the remote SSH
server IP is 1.2.3.4; and transmission latency is created with multiples of -l
User 1.2.3.4.
More to follow on creating transmission latency when using remote port forwarding
through OpenVPN.
If your server traffic is a specific collection target of NSA/Level3
Communications Regional Security Center (NSA/CSS Georgia) at Fort Gordon
Georgia USA or of one of NSA's non-US affiliates, flagging of sniffed IXP
traffic for subsequent analysis can only be triggered by your server's SECOND
or subsequent routing connection to one or more WAN addresses.
Perhaps surprisingly, if your server's traffic is a collection target, your
users' use of the above SSH transmission latency will also actually increase
users' upload and download speeds during SSH2 sessions.