1e31 Deep Packet Inspection - Telecomix Crypto Munitions Bureau

Deep Packet Inspection

From Telecomix Crypto Munitions Bureau

Jump to: navigation, search

The technologies for intercepting, scanning and archiving Internet communications has been commercially available for some time, and it's likely everything being sent unencrypted is being read as it crosses the public Internet.

Packet Inspection Invented around the early 1990s, packet inspection was originally used in stateful firewalls and Intrusion Detection Systems, which compensates for the limited capabilities of basic port-blocking firewalls. Packet inspection scans TCP headers to determine which services are communicating and other information about the packets being communicated. In practice this involves looking for specific bits that specify port numbers, error correction, flow control, etc. in the bit stream that make up the TCP packets.

Deep Packet Inspection This was a later development that enables scanning of TCP payloads, and therefore the content of Internet traffic, in real-time with negligible effects on latency. Deep Packet Inspection provides security and traffic management benefits, but there are substantial surveillance implications.

DPI Implementation DPI capabilities depend largely on the implementation of a given setup, including the location where the DPI equipment is installed, the volume of traffic, and whether the equipment is used for stripping and archiving certain TCP packets. Vendors of Deep Packet Inspection products are reluctant to reveal exactly how they perform in the real-world, but it's likely they can only be used for comparing payloads against known signatures, or to determine general behaviour through statistical analysis, but this could still be used in deciding which packets should be archived for later analysis.

Countermeasures Anything being communicated over the Internet is subject to interception, because it's on a public infrastructure for anyone with the resources to capture, so anything sensitive should be encrypted as a countermeasure. HTTPS/SSL and VPNs are effective against Deep Packet Inspection.

Personal tools
0