MeanMF wrote this on the teamxlink forums last year. He also wrote the code for the new XLink 7.4 engine.
"Diffie-Hellman. It's not an encryption method, it's a way for the two Xboxes to come up with an encryption key to use for that connection. The actual keys change every time you connect to a host, and possibly more frequently. It's more or less the same thing that SSL uses when you connect to a secure web site.
The Xbox never actually measures the ping times. The Diffie-Hellman key exchange thing is a back-and-forth conversation between the two boxes. They give it a certain amount of time to complete, and if it doesn't then you can't connect. Sending the packets over the internet is enough delay to cause it to fail. 20ms is FOREVER in computer time.
Diffie-Hellman by itself is vulnerable to a "man in the middle" attack - you intercept every packet, make up your own keys, then decrypt and reencrypt every packet going back and forth. But they've added authentication to the mix, so the Xbox on the other end would know that you're not the real thing. SSL does the same thing - if you try to connect to a fake server it'll tell you that the server's SSL certificate doesn't match the site's URL.
The system prevents you from tampering with network traffic in system link games. It's there so you can't cheat by changing or looking at packets on the network. The original Xbox used basically the same system, but the time limit just wasn't there. It was trivial for them to add that check in."
It sounds like the only way around the M$ Ping limits is modding the 360. I know it will eventually happen, the question is... when. Get on it boys!