nDPI/tests/cfgs/openvpn_heuristic_enabled/pcap at 04cd23074febba4e4d75e00113435beacf0c8a73 - vrr/nDPI

vrr/nDPI

mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-01 00:19:42 +00:00

History

Ivan Nardi 0ddbda1f82 Add an heuristic to detect encrypted/obfuscated OpenVPN flows (#2547 ) Based on the paper: "OpenVPN is Open to VPN Fingerprinting" See: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen Basic idea: * the distribution of the first byte of the messages (i.e. the distribution of the op-codes) is quite unique * this fingerprint might be still detectable even if the OpenVPN packets are somehow fully encrypted/obfuscated The heuristic is disabled by default.	2024-09-16 18:38:26 +02:00
..
openvpn_obfuscated.pcapng	Add an heuristic to detect encrypted/obfuscated OpenVPN flows (#2547 )	2024-09-16 18:38:26 +02:00

Add an heuristic to detect encrypted/obfuscated OpenVPN flows (#2547 )

Based on the paper: "OpenVPN is Open to VPN Fingerprinting"
See: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen

Basic idea:
* the distribution of the first byte of the messages (i.e. the distribution
of the op-codes) is quite unique
* this fingerprint might be still detectable even if the OpenVPN packets are
somehow fully encrypted/obfuscated

The heuristic is disabled by default.

2024-09-16 18:38:26 +02:00

openvpn_obfuscated.pcapng

Add an heuristic to detect encrypted/obfuscated OpenVPN flows (#2547 )

2024-09-16 18:38:26 +02:00