Your WoW Packets are being Counted

  • #1
    I was dinking around with some QoS configurations today and found a pretty awesome command while configuring a class-map. I left a few other commands in the output so you can think about your internet behavior in the future...

    XXXXX(config-cmap)#match protocol blizwow


    XXXXX(config-cmap)#match protocol ?

    applejuice ------------- Apple juice P2P file sharing
    ...
    bb --------------------- Big Brother network monitoring tool
    ...
    bittorrent ------------- bittorrent
    ...
    blizwow ---------------- World of Warcraft Gaming Protocol
    ...
    call-of-duty ----------- Call of duty online gaming
    ...
    ...


    Basically what this means is, routers can match media traffic (there are hundreds of different sub-options under this command, I only listed 5). I'm not making any moral statements, this info is typically used to optimize network performance based on media-type, a very useful tool for service providers to improve your customer experience.. But of course there's a downside.. Just know the extent to which you're being watched, because each one of these match criteria can be configured to correlate to IP and MAC.

    Edit: Modified original output to make it more readable since this forum doesn't accept multiple spaces.
    "Ridicule is the only weapon which can be used against unintelligible propositions."
    -Thomas Jefferson
  • #2
    I'm just not sure what you're getting at.
    Ne frustra vixisse videar.
  • #3
    I found it pretty amazing that packets are being classified by your service provider based not just on protocol type (video, http, VoIP, etc), but the actual application type, on a per-game, per-application basis.. in QoS. It's good for optimization of media traffic in networks, it's bad for privacy.

    Make sense?
    "Ridicule is the only weapon which can be used against unintelligible propositions."
    -Thomas Jefferson
  • #4
    Quote from Moxx

    I'm just not sure what you're getting at.


    Me either.

    I honestly don't understand the point you're trying to make, OP. All I see is uninformed fear mongering about something I'm convinced you don't really understand in the first place.

    Quote from Dolaiim

    I found it pretty amazing that packets are being classified by your service provider based not just on protocol type (video, http, VoIP, etc), but the actual application type, on a per-game, per-application basis.. in QoS. It's good for optimization of media traffic in networks, it's bad for privacy.

    Make sense?


    How is it "bad" for privacy? This is what you're failing to explain. I assure you, that service providers have more information about your statistics than what protocols you're using.

    edit: Removed some unnecessary sass, I'm not trying to start a fight. I just don't really understand the concern here. These optimizations don't provide them anymore information than they already can access. All these are for, are classifications to tell the network how to optimize your requests. WoW, CoD and others are very popular and widely used. Service providers would be foolish to *not* provide optimization for these services given their magnitude. But believe me, a MAC and IP address is the least of your concerns. I'd be more worried about Blizzard scanning your memory allocation at any given time. Blizzard already has your MAC and IP address anytime you connect to the servers.
  • #5
    Quote from Illythia

    Quote from Moxx

    I'm just not sure what you're getting at.


    Me either.

    I honestly don't understand the point you're trying to make, OP. All I see is uninformed fear mongering about something I'm convinced you don't really understand in the first place.


    I've been a software engineer for Cisco Systems for 6 years, so trust me when I say I'm informed. Among other things, I review customer deployment and solutions topologies...

    To break things down:

    At first I was like "Hey that's great! AT&T edge routers can optimize Quality of Service and Quality of Experience by classifying actual end-user application metrics!" Then I was like "Hey, this information, which is inextricably tied to IP and MAC address, can be requisitioned at ANY TIME by the department of homeland security! That's NOT-A-SO-GOOD!!"

    Edit: Also removed some sass, cause I don't want a fight :)

    Edit2: From this solution set, paired with other features, all your data usage, including how much bandwidth per APPLICATION (not per protocol) can be tied to your MAC/IP, and that data can (and will) be permanently stored on netflow/medianet/snmp servers.

    I'm not trying to spread fear, I personally think this feature is great if used responsibly.. I just don't trust corporations to always act in the best interest of the general public.
    "Ridicule is the only weapon which can be used against unintelligible propositions."
    -Thomas Jefferson
  • #6
    Quote from Dolaiim

    Quote from Illythia

    Quote from Moxx

    I'm just not sure what you're getting at.


    Me either.

    I honestly don't understand the point you're trying to make, OP. All I see is uninformed fear mongering about something I'm convinced you don't really understand in the first place.


    HAHAHAAAAAAAAA you're good. I've been a software engineer for Cisco Systems for 6 years pal.

    To break things down:

    At first I was like "Hey that's great! AT&T edge routers can optimize Quality of Service and Quality of Experience by classifying actual end-user application metrics!" Then I was like "Hey, this information, which is inextricably tied to IP and MAC address, can be requisitioned at ANY TIME by the department of homeland security! That's NOT-A-SO-GOOD!!"

    Edit: Also removed some sass, cause I don't want a fight :)



    Uh, this isn't new at all. In fact, if the DHS or anyone with a warrant REALLY wanted to, they could just directly tap in and watch not only the number and types of packets, but actually sniff all your traffic. A "Cisco engineer" should be well aware of that.

    AT&T is notorious for freely giving access to their network at the slightest request of any government agency. This isn't new and this isn't exciting, it's terrifying but here we are, and there's not a lot us citizens can do since no elected official has made a serious attempt to stop or limit the access.

    Also you're using AT&T (or any other ISP's) network, of course they have basic logging of packets and applications on, if only for diagnosis.
  • #7
    everyone always seem ever so paranoid these days
  • #8
    Well turned effin interesting in a hurry! I don't know much about the subject, other than I am strongly against surveillance. I love to hear both sides of this story, that's really cool. Post more! :D
    Ne frustra vixisse videar.
  • #9
    Quote from chelate

    Quote from Dolaiim

    Quote from Illythia

    Quote from Moxx

    I'm just not sure what you're getting at.


    Me either.

    I honestly don't understand the point you're trying to make, OP. All I see is uninformed fear mongering about something I'm convinced you don't really understand in the first place.


    HAHAHAAAAAAAAA you're good. I've been a software engineer for Cisco Systems for 6 years pal.

    To break things down:

    At first I was like "Hey that's great! AT&T edge routers can optimize Quality of Service and Quality of Experience by classifying actual end-user application metrics!" Then I was like "Hey, this information, which is inextricably tied to IP and MAC address, can be requisitioned at ANY TIME by the department of homeland security! That's NOT-A-SO-GOOD!!"

    Edit: Also removed some sass, cause I don't want a fight :)



    Uh, this isn't new at all. In fact, if the DHS or anyone with a warrant REALLY wanted to, they could just directly tap in and watch not only the number and types of packets, but actually sniff all your traffic. A "Cisco engineer" should be well aware of that.

    AT&T is notorious for freely giving access to their network at the slightest request of any government agency. This isn't new and this isn't exciting, it's terrifying but here we are, and there's not a lot us citizens can do since no elected official has made a serious attempt to stop or limit the access.

    Also you're using AT&T (or any other ISP's) network, of course they have basic logging of packets and applications on, if only for diagnosis.


    I will say this.. the DHS is so amazingly behind the curve when it comes to "data tapping" it's mind-boggling. But yes, single-end-user targeted packet inspection can and has been viable for a loooong time..

    But, I can also tell you that direct, indiscriminate packet sniffing has not been successfully deployed at the edge for two very simple reasons: One, a typical edge router is capable of 200Gbps to well beyond 1Tbps, and is generally at least 10:1 oversubscribed (meaning the routers run at least near capacity at all times).

    Think about it.. it's hard enough just to forward all the packets coming into the router.. but in addition you want to duplicate each packet and store it on a server somewhere? It's not viable. Simply writing a script that can effectively filter that volume of data is just barely possible... and even if you could, there isn't a viable ways to store that volume of data.

    Two, ISP's are very uptight and feature-poor when it comes to production-side innovation (i.e. doing something other than what the router can natively do). Very very few network engineers at <some ISP> have permissions to even log into their routers (for good reason). Even fewer would know what to do if they could. Of the ones that can, even fewer do anything other than the bare minimum to meet user performance requirements.

    SP's typically use SNMP and/or Netflow for their accounting.. which is not nearly as granular as the features I showed here.

    What this feature does is brilliantly and efficiently organize deep layer 7 packet inspection, providing hooks for not only monitoring and optimization in the asic (equals fast), but lean, efficient organization and storage of any/all accounting data using SNMP, FNF, etc.

    The fact that this granularity is now being build into ROUTERS, is a very interesting topic to network geeks, and perhaps interesting to you. I mean, NBAR has been around for a while, but the list of applications supported is now pretty mind-blowing.
    "Ridicule is the only weapon which can be used against unintelligible propositions."
    -Thomas Jefferson
  • To post a comment, please or register a new account.
Posts Quoted:
Reply
Clear All Quotes