A Seattle-based security researcher has devised a way to test for net neutrality.
Dan Kaminsky will share details of this technique, which will eventually be rolled into a free software tool, at the Black Hat USA security conference in Las Vegas this week. The software can tell if computers are treating some types of TCP/IP traffic better than others — dropping data that is being used in VoIP (voiceover Internet Protocol) calls, or treating encrypted data as second class, for example.
The US Congress is presently debating whether to enact "net neutrality" laws that would prevent this from happening. Net neutrality would force US internet service providers like AT&T and Comcast to give all internet traffic the same quality of service. Advocates of these laws say they are essential to preserving the openness that has made the Internet a success. Broadband providers say that such laws could prevent them from developing a new generation of services.
Kaminsky calls his technique "TCP-based Active Probing for Faults." He says that the software he's developing will be similar to the Traceroute utility that is used to track what path internet traffic takes as it hops between two machines on different ends of the network.
But unlike Traceroute, Kaminsky's software will be able to make traffic appear as if it is coming from a particular carrier, or being used for a certain type of application, like VoIP. It will also be able to identify where the traffic is being dropped, and could ultimately be used to finger service providers who are treating some network traffic as second-class.
At Black Hat, Kaminsky will show how to perform a basic version of TCP-based Active Probing using currently available tools. He will release his own, more sophisticated software sometime within the next six months as part of a free suite of tools called Paketto Keiretsu, version 3, he says.
The security researcher said he is curious to see what people do with his software. "People are going to start looking [at networks] and who knows what they are going to find," he says.
Already a handful of carriers have tried blocking certain types of internet services. In March 2005, the US Federal Communications Commission (FCC) fined Madison River Communications US$15,000 for blocking Vonage's VoIP service, but the FCC has since changed its broadband carrier requirements and it's unclear whether it would again issue a similar fine.
Kaminsky believes that net neutrality will eventually become law, and that the type of software he is developing will help keep the carriers honest. "If you're going to enforce by law that networks be neutral, the question becomes, 'How do you test for this?'" he says. "I'm going to make sure that the tools are going to be in place."
Kaminsky plans to post information on TCP-based Active Probing for Faults here.