| Simple solution to Sandvine: IPSEC There is no need to get angry when you can easily get even. There is a very simple and effective way to defeat Sandvine: IPSEC (IP Security), also known as VPN (Virtual Private Networks). I helped develop it.
Sandvine apparently works by forging TCP "reset" packets causing the parties to abort the transfer. The "Great Firewall of China" uses the very same method, a point that ought to be publicized.
IPSEC was SPECIFICALLY designed to solve this exact problem. Every packet is individually encrypted and authenticated. Spoofed packets are discarded. Sandvine can't even see the TCP header, much less muck with it.
IPSEC is the basis of corporate VPNs. It is standard in Linux and optional in other operating systems. Bit Torrent clients, in fact every Internet application, should implement IPSEC and automatically use it whenever the other end also supports it. If the ISPs filter the standard IPSEC protocol numbers, use different numbers. IPSEC could even be disguised as secure web traffic which the ISPs would never dare block because of the likely outcry from e-tailers. We all know that buying stuff is the only "legitimate" use of the Internet...
SSH tunnels, and even the link encryption already in some Bit Torrent clients is insufficient. This kind of encryption operates above TCP, so Sandvine can still muck with it. You must use IPSEC/VPNs that authenticate every IP packet.
Once we put an end to this unilateral nonsense, then maybe the P2P users and vendors and the ISPs can sit down as equals and work out ways to improve P2P efficiency and make both the users and the ISPs happy. |
