Comments on: How Aircell is (probably) blocking VoIP phone calls on planes (hint… VoIP Whack-A-Mole)

By: Voice of VOIPSA » Blog Archive » Update on the Aircell / VoIP-on-a-plane prohibition - and an Aircell response

Thu, 28 Aug 2008 14:06:13 +0000

[...] my two posts on Tuesday explaining how Aircell was probably blocking VoIP and then why the Phweet/Tringme worked (temporarily), there have been a number of other posts that [...]

By: Aircell: On U.S. Planes, VoIP Will Be Muted - GigaOM

Aircell: On U.S. Planes, VoIP Will Be Muted - GigaOM — Tue, 26 Aug 2008 16:20:33 +0000

[...] can block the pure-play VoIP services because VoIP calls typically use a protocol called UDP. Dan York, CTO of Voxeo, has a great post explaining how VoIP works. In comparison, it is much harder to block calls that use the web and TCP protocol. York explains [...]

By: Christofer Hoff

Christofer Hoff — Tue, 26 Aug 2008 14:14:27 +0000

…or they could just as easily be using any one of the DPI/transparent proxies which provide protocol detection and application granularity — even in tunneled/encrypted traffic.

Palo Alto Networks does this — I had Skype running on my test machines behind it and it easily identified Skype in realtime. Blocking was simply facilitated by a policy — and by the way, I could choose to allow the IM but not the “voice” calls.

We’ve come a long way since whack-a-mole. No crazy incantations, chicken bones or voodoo required…

/Hoff

By: Dean

Dean — Tue, 26 Aug 2008 12:40:24 +0000

Nice summary Dan.

>>What if (hint) the folks at Aircell forgot to watch all protocols?<>someone will inevitably find a way to “cloak” their VoIP calls so that they are unrecognizable or indistinguishable from other data traffic…<<

My experience is that detecting *two-way* voice is actually pretty easy and I don’t believe it is possible to completely disguise the footprint of two-way voice without actually destroying the quality of the call. The two-way part is the hint - if you extend your pattern matching from wireshark to looking at both sides of the conversation the pattern that you’ll see is two streams of data, both quite chunky in size, and rarely overlapping. People having a conversation generally speak one at a time.

It’s a simple pattern to spot. And you can’t change that pattern without either mangling it in data and decoding each end (which produces latency) or changing peoples habits of how they communicate.

Dean

By: Voice of VOIPSA » Blog Archive » The reason why (probably) you can use Phweet on a plane when Skype is blocked

Tue, 26 Aug 2008 12:33:15 +0000

[...] Voice of VOIPSA Collective thoughts and musings on the state of VoIP security today. « How Aircell is (probably) blocking VoIP phone calls on planes (hint… VoIP Whack-A-Mole) [...]