Deep Packet Inspection(DPI)
Posted: Thu Oct 15, 2020 9:37 am
Hello, a week ago they(ISP) started actively blocking Bittorrent traffic.
All trackers are available, the speed is within 300KB, but when downloading a torrent, it goes down to 4-10KB.
What I tried: I disabled communication over uTP, disabled udp trackers(just in case), changed ports, even to 443, disabled DHT, LPD, reduced the number of connections to 8, also set the number of peers to 8, enabled forced encryption(obfuscation), many peers fall asleep(choked).
All of this is bypassed by VPN, Tor.
But I don't want to reduce the speed; with sites on http(s), when downloading files, all at maximum speeds.
As I understand it, heuristics and behavioral analysis of packets are used, while the application is running, it generates dynamic traffic, which can also be identified and labeled. For example, BitTorrent generates traffic with a certain sequence of packets that have the same characteristics (incoming and outgoing port, packet size, number of sessions opened per unit of time). it can be classified according to a behavioral (heuristic) model.
I am sure that this practice will soon be used by many providers.
It may also be that the provider knocks on my/destination's port and checks whether the Bittorrent client is installed there, uses the Connection probe technique, where when trying to connect to any IP address, such a request is first "frozen", and the subsequent advanced connection to the target address is made on behalf of DPI.
What I wanted to ask is, can the evolution of the Bittorrent Protocol solve these problems, and in your opinion, what would be possible to do?
Thanks.
All trackers are available, the speed is within 300KB, but when downloading a torrent, it goes down to 4-10KB.
What I tried: I disabled communication over uTP, disabled udp trackers(just in case), changed ports, even to 443, disabled DHT, LPD, reduced the number of connections to 8, also set the number of peers to 8, enabled forced encryption(obfuscation), many peers fall asleep(choked).
All of this is bypassed by VPN, Tor.
But I don't want to reduce the speed; with sites on http(s), when downloading files, all at maximum speeds.
As I understand it, heuristics and behavioral analysis of packets are used, while the application is running, it generates dynamic traffic, which can also be identified and labeled. For example, BitTorrent generates traffic with a certain sequence of packets that have the same characteristics (incoming and outgoing port, packet size, number of sessions opened per unit of time). it can be classified according to a behavioral (heuristic) model.
I am sure that this practice will soon be used by many providers.
It may also be that the provider knocks on my/destination's port and checks whether the Bittorrent client is installed there, uses the Connection probe technique, where when trying to connect to any IP address, such a request is first "frozen", and the subsequent advanced connection to the target address is made on behalf of DPI.
What I wanted to ask is, can the evolution of the Bittorrent Protocol solve these problems, and in your opinion, what would be possible to do?
Thanks.