QoS applications rely on accurate detection of protocols in order to effectively manage traffic passing across networks. Peer-to-peer developers already use encryption and network overlays to bypass ISP traffic shaping, but their methods only obfuscate telltale signatures. Unidentifiable or encrypted traffic can still be classified as such and therefore can still be managed. The author addresses the feasibility of using protocol mimicry to invoke deliberate false positives in order to bypass existing traffic analysis systems by masquerading as web browsing and VoIP traffic. Statistical analysis is undertaken to determine the costs associated with such modifications. It is found that peer-to-peer protocols can easily be modified to be incorrectly identified as genuine web and voice traffic without impractical increases in bandwidth consumption. The incorrect classification of such traffic can cause havoc with priority-based queuing mechanisms while allowing users to use throttled applications without restrictions. It is certainly feasible for file-sharing protocols such as BitTorrent to be further developed to mimic the traits of less throttled protocols in order to bypass traffic shaping. This poses a huge risk to future ISP and corporate traffic management.
Date of Publication: July 22 2011