nDPI/tests/cfgs/openvpn_heuristic_enabled/config.txt
Ivan Nardi 0ddbda1f82
Add an heuristic to detect encrypted/obfuscated OpenVPN flows (#2547)
Based on the paper: "OpenVPN is Open to VPN Fingerprinting"
See: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen

Basic idea:
* the distribution of the first byte of the messages (i.e. the distribution
of the op-codes) is quite unique
* this fingerprint might still be detectable even if the OpenVPN packets are
somehow fully encrypted/obfuscated

The heuristic is disabled by default.
2024-09-16 18:38:26 +02:00


--cfg=openvpn,dpi.heuristics,0x01 --cfg=packets_limit_per_flow,64
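
The first-byte idea from the commit message, as an added sketch that is neither nDPI's implementation nor the paper's exact rule: it tracks the first payload byte of up to 64 packets per flow and reports a match when few distinct values occur and the two opening bytes never recur. The thresholds, the "opening bytes never recur" rule, all names and the sample flows are assumptions constructed for illustration; UDP transport is assumed.

```c
#include <stdint.h>
#include <string.h>

#define PKT_LIMIT    64 /* same budget as packets_limit_per_flow above */
#define MIN_PKTS     16 /* assumed: smallest sample worth judging */
#define MAX_DISTINCT  6 /* assumed: handshake plus data use few op-codes */

struct fb_state {
  uint8_t seen[256];  /* first-byte values observed so far */
  int first[2];       /* first value per direction, -1 = none yet */
  unsigned pkts, distinct, reset_again;
};

void fb_init(struct fb_state *s) {
  memset(s, 0, sizeof(*s));
  s->first[0] = s->first[1] = -1;
}

/* dir: 0 = client to server, 1 = server to client; payload = UDP payload */
void fb_update(struct fb_state *s, int dir, const uint8_t *payload, size_t len) {
  if (len == 0 || s->pkts >= PKT_LIMIT) return;
  uint8_t b = payload[0];
  if (s->first[dir] < 0) s->first[dir] = b;  /* candidate hard-reset byte */
  else if (b == s->first[0] || b == s->first[1]) s->reset_again = 1;
  if (!s->seen[b]) { s->seen[b] = 1; s->distinct++; }
  s->pkts++;
}

/* 1 = first bytes are distributed like OpenVPN op-codes, 0 = no or too early */
int fb_match(const struct fb_state *s) {
  return s->pkts >= MIN_PKTS && s->first[0] >= 0 && s->first[1] >= 0 &&
         s->first[0] != s->first[1] && !s->reset_again &&
         s->distinct <= MAX_DISTINCT;
}

/* Constructed flows. kind 1: reset pair, control/ack exchange, then data, each
   byte (opcode << 3 | key_id 0) XOR mask. kind 0: every first byte differs. */
int demo(int kind, uint8_t mask) {
  static const uint8_t head[8] = {0x38, 0x40, 0x28, 0x20, 0x20, 0x28, 0x20, 0x28};
  struct fb_state s;
  fb_init(&s);
  for (unsigned i = 0; i < 40; i++) {
    uint8_t b = kind ? (uint8_t)((i < 8 ? head[i] : 0x48) ^ mask)
                     : (uint8_t)(i * 37 + 11);
    fb_update(&s, i & 1, &b, 1);
  }
  return fb_match(&s);
}

int main(void) { return !(demo(1, 0x5A) == 1 && demo(0, 0) == 0); }
```

A byte-wise XOR mask is a bijection on the first byte, so the masked flow keeps the same count of distinct values and still matches, while a flow whose first bytes all differ does not.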