Free tool for testing net neutrality
IT security specialist Dan Kaminsky has announced N00ter, a tool for identifying artificial brakes on data traffic implemented by ISPs. Kaminsky first described N00ter at the Black Hat and DefCon security conferences in Las Vegas. He intends to make it available to download free of charge within the next few weeks. N00ter, hacker speak for neutral router, will tell users whether their ISP is slowing traffic to and from individual web sites and giving preferential treatment to other web sites. Until now, there has been no way for a normal web user to tell if his or her ISP is manipulating their quality of service.
N00ter provides what Kaminsky describes as "incontrovertible" evidence if a provider is interfering with transfer rates to and from specific servers. Put simply, the N00ter client communicates with a special proxy and measures packet delivery times. Kaminsky has told heise Security, The H's associates in Germany, that he has had the broker hosted by a professional hosting company which permits IP spoofing. Spoofing is a key requirement for N00ter to work. In a subsequent step, the proxy sends packets to the client with spoofed source addresses – in his presentation Kaminsky uses bing.com and google.com as examples.
To the user's ISP, the traffic appears to have come from the genuine web server. According to Kaminsky, the ISP has no way of distinguishing between spoofed and genuine sources. A time difference between the first and second measurements therefore means, he says, that the ISP is applying an HTTP policy.
Because the proxy server eliminates all other factors, the only possible source of differences in response time is a change to bandwidth or quality of service instituted by the ISP. It is also possible that ISP filters will not be activated when they see only server-to-client communication. Kaminsky has therefore come up with Roto-N00ter to deal with this scenario. In this case the proxy takes on the role of the client, and its performance is compared with that achieved when the client communicates directly with the web server.
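Whether a time difference between the two measurements is a policy effect or ordinary jitter has to be decided statistically. The following is an added example, not N00ter's code (which the article does not show): it runs a permutation test on the medians of two sets of delivery times taken through the same proxy. The sample values, function names and thresholds are assumptions made for illustration.

```python
import random
from statistics import median

# Constructed delivery times in milliseconds (not real measurements).
BASELINE = [40.1, 41.3, 39.8, 40.7, 42.0, 40.4, 39.9, 41.1, 40.6, 40.2, 41.5, 40.0]
SPOOFED_SITE_A = [40.5, 39.7, 41.0, 40.9, 40.3, 41.8, 40.1, 39.6, 41.2, 40.8, 40.4, 40.0]
SPOOFED_SITE_B = [58.2, 61.0, 57.5, 60.3, 59.1, 62.4, 58.8, 60.9, 59.6, 61.7, 58.0, 60.1]


def permutation_test(baseline_ms, spoofed_ms, rounds=5000, seed=1):
    """Return (median shift in ms, two-sided p-value) for spoofed vs. baseline."""
    rng = random.Random(seed)  # fixed seed keeps the result reproducible
    observed = median(spoofed_ms) - median(baseline_ms)
    pooled = list(baseline_ms) + list(spoofed_ms)
    n = len(baseline_ms)
    hits = 0
    for _ in range(rounds):
        # If the ISP treats both flows alike, the labels are interchangeable,
        # so random relabelling should produce shifts as large as the observed one.
        rng.shuffle(pooled)
        shift = median(pooled[n:]) - median(pooled[:n])
        if abs(shift) >= abs(observed):
            hits += 1
    # The +1 terms stop the estimate from ever reporting p = 0.
    return observed, (hits + 1) / (rounds + 1)


def classify(baseline_ms, spoofed_ms, alpha=0.01, min_shift_ms=5.0):
    """Flag a flow only if the shift is both significant and large enough to matter."""
    shift, p = permutation_test(baseline_ms, spoofed_ms)
    if p < alpha and abs(shift) >= min_shift_ms:
        return "slower" if shift > 0 else "faster"
    return "no measurable difference"


if __name__ == "__main__":
    for name, sample in (("site A", SPOOFED_SITE_A), ("site B", SPOOFED_SITE_B)):
        shift, p = permutation_test(BASELINE, sample)
        print(f"{name}: shift={shift:+.2f} ms p={p:.4f} -> {classify(BASELINE, sample)}")
```

Medians are used rather than means so that a single delayed packet does not dominate the comparison.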
(Uli Ries / djwm)