2015-ellard-rebound
findings extracted from this paper
-
He et al. found that 65% of sampled routes between public traceroute servers have some degree of AS-level asymmetry; John et al. found that asymmetry reaches 96% on Tier-1 ISP backbone links due to hot-potato routing. These figures invalidate the symmetric-route assumption underlying Telex and Cirripede and motivate a fully asymmetric design.
-
Because Rebound never terminates the client–decoy connection, connection-state probes (including 0trace-style TTL-expiry probes that bypass the decoy router via an alternate route) cannot reveal any discrepancy between the observed and actual state: the connection to the decoy host is always exactly in the state a censor would expect.
-
Rebound's mole protocol generates a characteristic traffic pattern — a steady stream of long HTTP GET requests followed by 404-style error responses — that may be identifiable via traffic analysis even though the channel is TLS-encrypted; the paper acknowledges this as an unmitigated vulnerability and notes that intermingling with ordinary requests reduces observability but further lowers effective throughput.
-
Rebound eliminates the stack-fingerprinting vulnerability present in Telex, Curveball, Cirripede, and TapDance by never forging packets addressed to the client; all data from the decoy router to the client travels through the real decoy host, so the TCP/IP stack fingerprint observed by a censor is always that of the genuine decoy.
-
In an Internet measurement from a residential Verizon FiOS client 12 hops from the Rebound router (26 ms RTT), Rebound achieves 129,398 bytes/s (≈126 KB/s) for 1 MB transfers, compared to 354,676 bytes/s for Curveball and 1,174,240 bytes/s for plain HTTP — sufficient to stream 360p video but roughly 3× slower than Curveball. The unoptimised Python router implementation uses less than half a core of an Intel Xeon E5620 at 2.4 GHz at sustained full speed.