Researchers have developed a new method to measure whether Internet traffic is tampered with by middleboxes.
A middlebox is a computer networking device that can transform, inspect, filter, and manipulate Internet traffic — otherwise known as connection tampering — that is deemed as restricted between clients and servers due to reasons such as copyright infringement or Internet censorship.
The researchers found middleboxes that tamper with client traffic exhibit traffic patterns that do not look like typical client traffic to a server. They were able to distill these patterns into 19 tampering signatures.
After applying the signatures to 0.01% of all incoming connections at a large CDN provider, the researchers found that some signatures are predominantly observed only in certain regions (for example, PSH ⟶ RST;RST₀ is only seen in China) while others are observed globally.