DeepSec 2024 Talk: Remotely Snooping on Traffic Patterns using Network Protocols – Kirils Solovjovs

Sanna/ September 27, 2024/ Conference/ 0 comments

The presentation features novel research on remotely measuring network load and deducing the network traffic patterns of a target using ICMP and other widely adopted protocols. Depending on network conditions, the attack makes it possible to distinguish between file upload, file download, video streaming, VoIP, web browsing, etc. The attack works even when carried out from a different AS.

We asked Kirils a few more questions about his talk.

Please tell us the top facts about your talk.

  1. There is a predictable correlation between Bandwidth, Throughput, and Latency.
  2. It is possible to remotely measure the load (throughput over bandwidth) of a network endpoint.
  3. Measured traffic patterns can be used to deduce the type of traffic at the remote network endpoint.
  4. The internet is a series of tubes.

How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

I am always looking for the smallest deviations and abnormalities in my everyday tools and processes. I saw a deviation in ICMP packet latency which triggered my interest, so I correlated the data.

Why do you think this is an important topic?

This talk looks at a novel yet easily accessible concept that no one has previously researched.

Is there something you want everybody to know – some good advice for our readers, maybe?

Encrypt and back up your stuff! And if you can’t switch to hardware keys, please, at least use pass phrases instead of passwords.

A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?

I hope and believe that the decentralization of the Web and the Internet will return in the coming decade. I am working as hard as I can to support that. In the long term, this will increase privacy, safety and security online.


Kirils Solovjovs is an IT policy activist, bug bounty hunter, and the most visible white-hat hacker in Latvia, having discovered and responsibly disclosed or reported multiple security vulnerabilities in information systems of both national and international significance. He has extensive experience in social engineering, penetration testing, network flow analysis, reverse engineering, and the legal dimension.

He has developed the jailbreak tool for Mikrotik RouterOS, as well as created e-Saeima, helping the Latvian Parliament become the first parliament in the world that is prepared for a fully remote legislative process. Kirils currently works as a research assistant at the Institute of Electronics in Computer Science and as a member of the board at the IT security company “Possible Security”.
