Darknets Coming Soon?

Anonymous Stalwart writes "CIO.com is running a story on darknets and their implications for security. With the ruling against Grokster, darknets seem poised to become a reality. How this will impact the future of the workplace, from top-level IT/IS managers all the way to non-IT jobs will depend on how the tech community that is developing this technology treats it."

Ok, real response

[LiquidCoooled]

Shouldn't the first sign "something" is up be an increase in bandwidth?
Once you know its happening, you know you have to identify the problem.

Unless somebody can root all the routers and IDS systems for every OS along the way, these darknets will always be detectable.

Re:Ok, real response

[agraupe]

Even if the darknets are detectable, it still won't be possible to monitor traffic on them. There is still the matter of encryption that will provide relative security to the users.

Re:Ok, real response

[l3v1]

The point is not hiding the network's existence, but hiding the traffic and the data itself. No use in you yelling "something's going on here" if you have no clue what it is.

the RIAA needs to be careful...

[Spy der Mann]

by prosecuting unencrypted networks like eDonkey, bittorrent, etc. they're only enforcing users to search for encrypted ways to transmit data. And I don't think encouraging encryption is gonna be any good for national security.

Just a thought.

Darknets? Blame the RIAA!!!

[ThatGeek]

Well, only 3 comments posted, and the link is already hosed.
As reported by Darknet dot com [darknet.com], a darknet is nothing more than a place where illegal communication (filesharing/hacking talk/speaking badly of the US president) can take place.
I don't see how darknets will make things any different. For years we've had gopher, IRC and other communication channels that have been below the vision of the management elite.
I think lawyers are starting to learn that techies can't be bullied as easily as most, because techies are able to build new infrastructures. Instead of giving up, techies take threats as a challenge or motivation to dive further and further away from public vision.

Re:Ok, real response

[Kjella]

Unless somebody can root all the routers and IDS systems for every OS along the way, these darknets will always be detectable.

Technically, they can look like any kind of encrypted connection, HTTPS, SSH or whatever. Besides, I think the idea of Darknets is flawed to begin with. It is taking current anonymous P2P networks (Freenet, Ants, I2P etc.) and tying both hands behind their back by no longer allowing all-to-all connections, but only connections to people you trust. That pretty much precludes any sensible routing and load balancing because people are selecting the available routes, and you can't create new connections. Say you are the only person with access to two different social groups, all info must flow over your connection creating a huge bottleneck that the software is not allowed to compensate for.

Not necessarily illegal

[Ritz_Just_Ritz]

A Darknet is a private virtual network where users only connect to people they trust. That's it. It can be used for good or evil.

Re:Darknets? Blame the RIAA!!!

[Anne_Nonymous]

>> a place where illegal communication (filesharing/hacking talk/speaking badly of the US president) can take place

Oh, a place like say... /.?

They'll Never Learn!

[TheZorch]

You can't teach the RIAA anything. They think they can stop P2P file sharing but the truth is all their legal efforts are driving it underground...where it was before Napster appeared.

There are a lot of very talented techies out there who can come up with some astonishing new tech. A fully encrypted P2P service that masks a user's IP address would make it hard for "the man" to find those who are illegally filesharing. Also, the hacker community can adapt to changing situations faster than any corporation. This is because they aren't hindered by office politics, ethics, patant and copyright compliance and legal compliance. They operate above the law, so it was really no surprise to me when Slashdot ran the story of the trojan that exploited the cloaking ability of Sony's DRM.

I wasn't surprised one bit.

Because of Grokster and others the RIAA bring down a new, bigger, and better P2P service will emerge with multiple layers of custom encryption, IP address masking, and no central server that can be distrupted. You could even block ports at the ISP level and they'll adapt again to support multiple ports at once. Its a loosing battle they just don't get it yet.

Why do you think Internet Security and Antivirus Industies are racking in so much money these days. They DON'T want to see the hacker put in jail because if all the security threats cease and no more viruses are being made they are all out of a job. It a multi-billion dollar industry.

The RIAA is utter and completely out of their league.

And the MPAA/RIAA's response will be...

[theonetruekeebler]

...treachery. Seriously. If they can't go through a public channel to find wrongdoers (that is, to find unprofitable conditions), they will start using undercover agents to befriend and betray their way into darknets. So basically they'll have spies pose as college students then coaxing real students into inviting them into the henhouse.

Hell, they'll probably set up a few darknets of their own, as "loss leaders" in their quest to fuck as many people out of as much money as possible. And they'll start a terror campaign, too. Did I say terror? I meant public relations. As in "The Guy You're Sharing Files With Might Be A Cop."

We could fall back to the true Darknet

[popsicle67]

I'm talking about snailmail. If it gets right down to it you can fall back to this time honored completely private way of transporting any files you wish to share. It also has the advantage of carrying a federal criminal violation against anyone who attempts to stop your mail. If things gat so bad in this country that even this becomes too troublesome we can all move to eastern europe or china as they will become the beacons of freedom much as our country used to be.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Ok, real response

[1u3hr]

ot in the corporate environment - the IT department will simply challenge you to explain why you're using so much more bandwidth

TFA was focused on corporate espionage, which wouldn't necessarily consume huge bandwidth. Besides corporate types thnk nothing of sending huge files (video presentations, eg) around, so even sneaking out big files wouldn't necessarily make a blip. Of course, USB dongles and such are a much easier and right-now threat in that regard.

Can't stop the signal

[macemoneta]

There are so many ways to abuse TCP/IP that it's impossible to stop data exchange unless you block all traffic. Heck, you can even communicate using ping, as in:

HOST1: ping -c 1 -p facedead12349876 host2
PATTERN: 0xfacedead12349876

HOST2: tcpdump -x ip proto \\icmp and src host host1
11:41:51.646216 IP host1 > host2: icmp 64: echo request seq 0
0x0000: 4500 0054 0000 4000 4001 1af7 8752 0886 E..T..@.@....R..
0x0010: 8752 0888 0800 4550 242d 0000 cf6c 7743 .R....EP$-...lwC
0x0020: 25e5 0900 face dead 1234 9876 face dead %........4.v....
0x0030: 1234 9876 face dead 1234 9876 face dead .4.v.....4.v....
0x0040: 1234 9876 face dead 1234 9876 face dead .4.v.....4.v....
0x0050: 1234

Sure, you'll see a lot of icmp traffic, but odds are most network folks won't considering the pad data in a ping to be payload.

It's like the old ppp over email implementations. Connectivity means data transfer. If some journalist or newbie network admin thinks otherwise, then it's just that much easier.

nah.. this is bunk

[sl4shd0rk]

Whatever devices are between the nics (no crossover cable) leave an opportunity to see whatever traffic is going between them. Even ntop [ntop.org] will tell you what types of traffic it's seeing - not to mention if you are inside a bunch of hubs. 'Darknet' sounds spectacular, but it just comes down to another stupid protocol running on a non-standard port. If you're lucky, your best luck is to invent your own protocol, encrypt it, and don't share the source with anyone. Good luck getting anyone to trust you though.

Re:Ok, real response

[Anonymous Coward]

You and the OP are both right. Blips in bandwidth useage tell you nothing about actual use, as you say. As an administrator, though, do you or should you care about anything other than bandwidth useage? I am a network administrator for a largish college myself, and I could really care less about how people use our network, as long as they don't impinge on other people's use. It's not my job to be net cop, judge, and jury, and I don't want it to be. So in that sense the OP is right - you know there's something going on that you care about if bandwidth useage becomes a issue. That's the only thing we really monitor where I work. If you exceed a certain useage threshold, you get clamped. Simple and non-judgemental. I don't work for the RIAA, the MPAA, the federal government, or any other entity with a legal interest in people's use of network resources. They can pay for their own detectives.

(As an aside, the recent expansion of CALEA to include private institutions like libraries and universities means I very well might be compelled to facilitate spying on people. I will become a de-facto informant working for the federal government. As an American, I find it extremely unsettling to experience what it must have felt like to live in post WWII East Germany.)

I really wonder how long it will be before some patronizing judgemental network administrator (or their employer) gets sued for abridging their user's rights. Sure, there's the "it's a private network, we have the right to rule with an iron fist" argument. There's also the argument that there are in fact limits to the control private enterprises can exert on their employees. Never mind paying students.

As a rule, it seems students have too many other obligations and distractions to get too caught up in how school administrators sometimes walk all over them. Too bad.

Re:Ok, real response

[Florian Weimer]

In other words, massive copyright infringement drives the demand for more bandwith, which drives research, investment and competition, benefitting the society enormously in the form of better technology (both communication and processing, since you need processing power for routing), better communication infrastructure, and cheaper prices for both. I see this as yet another reason for weaker, not stronger, copyright laws.

Interesting line of thought. But I don't think it's compelling. Contemporary file sharing protocols (especially the search component) are often rather inefficient. Making file sharing clearly legal would make it possible to offer more centralized services supporting it (where it makes sense), which would increase efficiency and reduce bandwidth usage.

On the other hand, if you outlaw file sharing completely and enforce it rigorously, as a user, you'd have to tunnel all file sharing traffic over secure anonymization networks (similar to what Tor does). Each packet would run back and forth through the network, in order to obscure its sender and receiver, tremendously increasing bandwidth requirements. So, following your argument, truly fascist copyright laws would advance networks even more.

But that's not a problem for IT managers

[Sycraft-fu]

If you are doing traffic on our network that I need to know what it is, I'll go to your computer and check. In a managed environment, like a corperation, you don't have privacy of your data. You can encrypt traffic, and should (we fight all the time to get the last few telnet users to switch to SSH) but that's to keep random malicious users out, not your IT staff. Your IT staff can come and ask to see what's happening on your computer and "no" isn't a legit answer, as the computer is company property.

I personally don't see any problems with Darknets that didn't already exist with SSH. If I work in an environment where we don't care what you do, unless it's a problem, then we'll ignore your traffic unless it's excessive. If I work in an environment where we restrict what you can do, then we'll monitor your traffic and if we see unknown encrypted traffic, you'll be asked what it was and your computer will be checked.

So I see Darknets as a problem for the RIAA maybe, and frankly I don't give a shit about them, but not for corperate IT.