Encrypted Traffic in Egypt
An attempt to understand
Ahmed Mekkawy
CEO | Founder
Spirula Systems
About the Presenter
● Founder and CEO of Spirula Systems.
● Co-founder of OpenEgypt.
● Free Software Foundation (FSF) member.
● Independent consultant at MCIT.
● Advisory board member at Mushtarak TechHub.
● One of the authors of the Egyptian national FOSS adoption strategy.
Scope of this Presentation
● Facts by me: authenticity not proven
● Online screenshots
● Facts by OONI
● My conclusion
Part I: The Story
HTTPS MITM attempt
OpenVPN & PPTP
● Throttling
● Blockage
OpenVPN / UDP1194 – May 20th
● Server: No logs
● Client:
May 20 08:48:27 localhost NetworkManager[1109]: <info> VPN connection 'vpn2' (Connect) reply received.
May 20 08:48:28 localhost nm-openvpn[5705]: Control Channel Authentication: using '/path/to/ta.key' as a OpenVPN static key file
May 20 08:48:28 localhost nm-openvpn[5705]: UDPv4 link local: [undef]
May 20 08:48:28 localhost nm-openvpn[5705]: UDPv4 link remote: [AF_INET]VPN_IP:1194
May 20 08:48:28 localhost nm-openvpn[5705]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]VPN_IP:1194
May 20 08:49:07 localhost NetworkManager[1109]: <warn> VPN connection 'vpn2' (IP Config Get) timeout exceeded.
...
May 20 08:48:58 localhost nm-openvpn[5705]: message repeated 4 times: [ TLS Error: cannot locate HMAC in incoming packet from [AF_INET]VPN_IP:1194]
May 20 08:49:07 localhost nm-openvpn[5705]: SIGTERM[hard,] received, process exiting
OpenVPN / UDP53 – May 20th
● Server: No logs
● Client:
May 20 08:58:51 localhost NetworkManager[1109]: <info> VPN connection 'vpn2' (Connect) reply received.
May 20 08:58:51 localhost nm-openvpn[5897]: Control Channel Authentication: using '/path/to/ta.key' as a OpenVPN static key file
May 20 08:58:51 localhost nm-openvpn[5897]: UDPv4 link local: [undef]
May 20 08:58:51 localhost nm-openvpn[5897]: UDPv4 link remote: [AF_INET]VPN_IP:53
May 20 08:58:51 localhost nm-openvpn[5897]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]VPN_IP:53
May 20 08:59:31 localhost NetworkManager[1109]: <warn> VPN connection 'vpn2' (IP Config Get) timeout exceeded.
...
May 20 08:59:21 localhost nm-openvpn[5897]: message repeated 4 times: [ TLS Error: cannot locate HMAC in incoming packet from [AF_INET]VPN_IP:53]
May 20 08:59:31 localhost nm-openvpn[5897]: SIGTERM[hard,] received, process exiting
OpenVPN / TCP443 – May 20th
● Server: No logs
● Client:
May 20 08:52:54 localhost nm-openvpn[5791]: Attempting to establish TCP connection with [AF_INET]VPN_IP:1194 [nonblock]
May 20 08:52:55 localhost nm-openvpn[5791]: TCP connection established with [AF_INET]VPN_IP:1194
May 20 08:52:55 localhost nm-openvpn[5791]: TCPv4_CLIENT link local: [undef]
May 20 08:52:55 localhost nm-openvpn[5791]: TCPv4_CLIENT link remote: [AF_INET]VPN_IP:1194
May 20 08:52:55 localhost nm-openvpn[5791]: Connection reset, restarting [0]
May 20 08:52:55 localhost nm-openvpn[5791]: SIGUSR1[soft,connection-reset] received, process restarting
OpenVPN / TCP8000 – May 20th
● Client and Server logs normal
● Connectivity within the tunnel:
$ ping -c 10 vpn2
--- vpn2 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9014ms
rtt min/avg/max/mdev = 94.359/96.217/99.897/1.902 ms
$ ping -c 10 10.8.0.5
PING 10.8.0.5 (10.8.0.5) 56(84) bytes of data.
--- 10.8.0.5 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 8999ms
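Added example (not part of the original presentation): a small classifier that groups nm-openvpn client log lines by process ID and labels each session with the failure pattern seen in the slides above, namely UDP replies that carry no tls-auth HMAC and a TCP reset right after the connection is established. The function names, verdict labels, the 2-second reset window, the pinned year and the pid 6001 session are assumptions made for illustration.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Log lines from the slides (wrapped lines rejoined), plus one constructed
# healthy session (pid 6001) so the "handshake completed" path is exercised.
SAMPLE_LOG = """\
May 20 08:48:27 localhost NetworkManager[1109]: <info> VPN connection 'vpn2' (Connect) reply received.
May 20 08:48:28 localhost nm-openvpn[5705]: UDPv4 link remote: [AF_INET]VPN_IP:1194
May 20 08:48:28 localhost nm-openvpn[5705]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]VPN_IP:1194
May 20 08:48:58 localhost nm-openvpn[5705]: message repeated 4 times: [ TLS Error: cannot locate HMAC in incoming packet from [AF_INET]VPN_IP:1194]
May 20 08:49:07 localhost nm-openvpn[5705]: SIGTERM[hard,] received, process exiting
May 20 08:52:55 localhost nm-openvpn[5791]: TCP connection established with [AF_INET]VPN_IP:1194
May 20 08:52:55 localhost nm-openvpn[5791]: TCPv4_CLIENT link remote: [AF_INET]VPN_IP:1194
May 20 08:52:55 localhost nm-openvpn[5791]: Connection reset, restarting [0]
May 20 09:10:00 localhost nm-openvpn[6001]: TCPv4_CLIENT link remote: [AF_INET]VPN_IP:8000
May 20 09:10:02 localhost nm-openvpn[6001]: Initialization Sequence Completed
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+nm-openvpn\[(\d+)\]:\s+(.*)$")
REMOTE_RE = re.compile(r"(UDPv4|TCPv4_CLIENT) link remote: \[AF_INET\]\S+:(\d+)")
REPEAT_RE = re.compile(r"message repeated (\d+) times: \[\s*(.*)\]$")
HMAC_MSG = "cannot locate HMAC in incoming packet"


def _ts(stamp):
    # Syslog stamps carry no year; pin one (assumption) so parsing is unambiguous.
    return datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")


def parse_sessions(text):
    """Group nm-openvpn lines by pid and collect the facts needed to classify."""
    sessions = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # lines from other daemons (e.g. NetworkManager) are skipped
        stamp, pid, msg = m.groups()
        s = sessions.setdefault(pid, {"proto": None, "port": None, "hmac_errors": 0,
                                      "established": None, "reset_after": None,
                                      "completed": False})
        count = 1
        rep = REPEAT_RE.match(msg)
        if rep:  # syslog collapsed N identical lines into one
            count, msg = int(rep.group(1)), rep.group(2)
        rm = REMOTE_RE.search(msg)
        if rm:
            s["proto"] = "udp" if rm.group(1) == "UDPv4" else "tcp"
            s["port"] = int(rm.group(2))
        elif HMAC_MSG in msg:
            s["hmac_errors"] += count
        elif msg.startswith("TCP connection established"):
            s["established"] = _ts(stamp)
        elif msg.startswith("Connection reset"):
            if s["established"] is not None and s["reset_after"] is None:
                s["reset_after"] = (_ts(stamp) - s["established"]).total_seconds()
        elif "Initialization Sequence Completed" in msg:
            s["completed"] = True
    return sessions


def classify(s, reset_window=2.0):
    """Label one session; reset_window (seconds) is an illustrative threshold."""
    if s["completed"]:
        return "handshake-completed"
    if s["proto"] == "udp" and s["hmac_errors"]:
        # A datagram arrived from the server's address without a usable HMAC.
        return "udp-reply-without-hmac"
    if (s["proto"] == "tcp" and s["reset_after"] is not None
            and s["reset_after"] <= reset_window):
        return "tcp-reset-after-connect"
    return "no-signature"


def summarize(text):
    return {pid: (s["proto"], s["port"], classify(s))
            for pid, s in parse_sessions(text).items()}


if __name__ == "__main__":
    for pid, row in summarize(SAMPLE_LOG).items():
        print(pid, *row)
```

A "handshake-completed" verdict only says the control channel came up; as the TCP8000 slide shows, traffic inside the tunnel can still be lost, which client logs alone do not reveal.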
HTTPS Blockage – Jul 13th
HTTP MITM on Porn websites (!!)
Disclaimer: This is a screenshot from OONI report
Part II: Service Providers
ISPs
ISPs
CAIX
Part III: OONI Report
What is OONI
● Open Observatory of Network Interfaces
● Part of TOR project
● Checks a list of URLs provided by Citizen Lab
The Report
Report Highlights
● Media censorship
– Collateral damage
● HTTPS throttling
– Inaccessible URLs
● Attempts to block Tor
● Advertisement and malware injection
– Third party tools (curl) showing injected content
Conclusion
● DPI with MITM capabilities
● Possible daily Big Data analytics to enhance the DPI rules through a certain AI model
● All this is a testing phase
Discussion
Ahmed Mekkawy
mekkawy@spiru.la
