
An Education In Deep Packet Inspection

Posted by kdawson
from the opening-all-the-envelopes dept.
Deep Packet Inspection, or DPI, is at the heart of the debate over Network Neutrality — this relatively new technology threatens to upset the balance of power among consumers, ISPs, and information suppliers. An anonymous reader notes that the Canadian Privacy Commissioner has published a Web site, for Canadians and others, to educate about DPI technology. Online are a number of essays from different interested parties, ranging from DPI company officers to Internet law specialists to security professionals. The articles are open for comments. Here is the CBC's report on the launch.

  • by davecb (6526) * <davec-b@rogers.com> on Tuesday April 07, 2009 @05:30PM (#27496099) Homepage Journal

    It's a hacky technology to implement QOS because folks don't like setting the QOS bits and protocol in the headers. Usually because some Microsoft firewall only allows http on port 80 (;-))

    It's the use of it by the famous "men of good will but little understanding" that is bad, plus of course the use of it by men of ill will.

    --dave

  • by causality (777677) on Tuesday April 07, 2009 @05:39PM (#27496187)

    How would the authorities like to be deep inspected?

    That's a good question.

    This summary mentions education about deep packet inspection. To me that's a very simple thing that boils down to a few questions:

    Do you want your ISP and potential unknown/unaccountable parties to be able to easily monitor, intercept, and record some or all of your Internet traffic? Do you want profiles built on this information that will compromise your privacy and could be used to serve advertisements or to micromanage your Internet usage? Do you feel like QoS, which will be the given reason/excuse, is such a good and desirable thing that it's worth all of these disadvantages?

    Like so many things that are not the result of overwhelming customer demand, this is a bad idea that is open to all sorts of abuse.

  • by causality (777677) on Tuesday April 07, 2009 @05:46PM (#27496285)

    It's the use of it by the famous "men of good will but little understanding" that is bad, plus of course the use of it by men of ill will.

    The former category is much more dangerous. At least most people recognize ill-will when they see it. By far people with good intentions and no comprehension of the "law of unintended consequences" do more damage to the world than do people with openly evil intentions.

    No politician ever increased state power by saying "I'd like to see this nation become a totalitarian state and you should support me because this law will bring it closer to that goal." They do it by saying "this is for your safety" or "this is to stop terrorism" and the people who mean well and don't understand the damage they can do will eagerly eat that shit up. That's true whether or not the politician himself believes anything he is saying.

  • by rob_benson (698038) on Tuesday April 07, 2009 @05:52PM (#27496369) Homepage
    D.I. is neither good nor bad, it is the illegal or immoral application of the technology that is the problem. I really am amazed that no-one on a technology site noted that the heart of the debate on net neutrality is free speech, not deep inspection.
  • by causality (777677) on Tuesday April 07, 2009 @05:55PM (#27496405)

    D.I. is neither good nor bad, it is the illegal or immoral application of the technology that is the problem.

    It's a technology that almost no one wants except for those who are in a position to abuse it. That makes it difficult or impossible to view it as a "neutral" thing.

  • by koan (80826) on Tuesday April 07, 2009 @05:56PM (#27496409)

    Doesn't a good encryption system stop DPI from giving any useful information?

  • by Anonymous Coward on Tuesday April 07, 2009 @06:03PM (#27496497)
    it's just going to push more and more protocols to use TLS wrappers and to use random "legit looking" ports (like 20, 21, 80, 443, 110), a la Skype and most IM clients nowadays

    Good luck deep inspecting that crap
  • by BitterOak (537666) on Tuesday April 07, 2009 @06:07PM (#27496559)

    Doesn't a good encryption system stop DPI from giving any useful information?

    Any useful information? Sure! There is lots of useful information that can be gleaned even when encryption is used. Who are you communicating with? What protocol are you using? By looking at packet timing and packet sizes, much more information can be obtained than you might think, such as: are you web surfing vs. interactive keyboard login? Are you transferring large files or reading short web pages? And if the structure of the web pages of the target site is known, the size of the packets transferred might even reveal which pages you were visiting. Some have even reported the ability to make educated guesses about keystrokes in interactive sessions based on timing of packets. Admittedly some of these features will have to wait for the next generation of DPI technology, but even today, a great deal of information can be collected.

  • by causality (777677) on Tuesday April 07, 2009 @06:08PM (#27496569)

    it's just going to push more and more protocols to use TLS wrappers and to use random "legit looking" ports (like 20, 21, 80, 443, 110), a la Skype and most IM clients nowadays

    Good luck deep inspecting that crap

    That's true. You'd think that "spam vs anti-spam measures" alone or "windows viruses vs windows virus scanners" alone would have taught us, by now, how to recognize an arms race when we're about to start one. This is what I mean when I say that our culture does not value foresight.

  • by 99BottlesOfBeerInMyF (813746) on Tuesday April 07, 2009 @06:09PM (#27496583)

    It's a technology that almost no one wants except for those who are in a position to abuse it. That makes it difficult or impossible to view it as a "neutral" thing.

    I've seen quite a few "good" uses of DPI, from filtering out content trying to contact worm control channels to gathering statistics on Web site usage for academia. You can use DPI to slow down traffic going to any video hosting site not paying you a kickback or you can use it to filter out a DDoS attack on one of your network's clients. The technology is useful today, but we do need legislation to keep it from being abused.

  • by token_username (1415329) on Tuesday April 07, 2009 @06:14PM (#27496627)
    Slightly off the point from this, but related: QoS mechanisms will probably just default encrypted traffic to a lower service class. That's the quick and easy way to handle it.
  • by Anonymous Coward on Tuesday April 07, 2009 @06:18PM (#27496661)

    Yes, analyzing packet sizes and frequencies can work in theory... until it is put into practice, because then it would be trivial for the encryption users to rewrite their servers and clients to send random-sized encrypted packets at random intervals and mess up any information you may have gained.

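BitterOak's point above that the sizes of encrypted packets alone can identify which page was fetched, together with this reply's padding countermeasure, as an added Python example that is not part of any comment in the thread. The page fingerprints and packet sizes are constructed, and it uses fixed-shape padding rather than random sizes to show the edge case that padding each packet is not enough while the packet count still differs.

```python
"""Traffic-analysis demo with constructed data: an observer who sees only
the packet sizes of an encrypted flow can still tell pages apart, and only
padding that also fixes the packet count removes that signal."""
from collections import Counter

# Constructed fingerprints: response packet sizes (bytes) per page. These
# numbers are invented for the demo, not measurements of any real site.
KNOWN_PAGES = {
    "/index.html": [1460, 1460, 612],
    "/login": [1460, 388],
    "/account": [1460, 1460, 1460, 1460, 944],
}
MTU = 1460  # assumed maximum record/segment payload used as the padding bucket

def identify(observed, known=KNOWN_PAGES):
    """Return the page whose size sequence equals the observed one, else None.
    Ciphertext sizes alone are compared: the payload is never read."""
    for page, sizes in known.items():
        if list(observed) == sizes:
            return page
    return None

def pad_sizes(sizes, bucket=MTU):
    """Countermeasure 1: round every packet up to a multiple of `bucket`."""
    return [-(-s // bucket) * bucket for s in sizes]

def pad_flow(sizes, bucket=MTU, count=5):
    """Countermeasure 2: pad sizes AND append dummy packets so every flow
    has exactly `count` packets (count must cover the longest real flow)."""
    padded = pad_sizes(sizes, bucket)
    if len(padded) > count:
        raise ValueError("flow longer than the fixed packet count")
    return padded + [bucket] * (count - len(padded))

def distinguishable(known=KNOWN_PAGES, transform=lambda s: s):
    """Number of pages still uniquely identifiable after `transform`."""
    shapes = Counter(tuple(transform(s)) for s in known.values())
    return sum(1 for s in known.values() if shapes[tuple(transform(s))] == 1)

if __name__ == "__main__":
    print(identify([1460, 388]))                 # '/login'
    print(distinguishable())                     # 3: raw sizes leak every page
    print(distinguishable(transform=pad_sizes))  # 3: per-packet padding leaks the count
    print(distinguishable(transform=pad_flow))   # 0: fixed shape hides the page
```

The cost of the fixed shape is the dummy bytes sent for every short page, which is the trade-off any padding scheme has to accept.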
  • by click2005 (921437) on Tuesday April 07, 2009 @06:24PM (#27496721)

    I was going to say that won't work very well because of VoIP but as most ISPs are phone companies they probably don't want VoIP working too well either.

  • by Anonymous Coward on Tuesday April 07, 2009 @07:22PM (#27497283)

    Meaning well does not remove you from the causation of harm.

    Example:
    Just because I don't understand that shooting someone with a gun can kill them doesn't mean I didn't cause that person to die. It just means I am an ignorant fool who killed someone.

    Then again if you follow the train back far enough we can just blame *insert how you think the world came about here* for all evil.

  • by causality (777677) on Tuesday April 07, 2009 @08:04PM (#27497689)

    Then again if you follow the train back far enough we can just blame *insert how you think the world came about here* for all evil.

    That's why it makes more sense to look at it in terms of enablers who could have chosen differently. The people could study statecraft and propaganda techniques. They could study dictatorships like the Third Reich or Italy under Mussolini to learn how these leaders came to power by preying on the desperation and the weaknesses of the people. They can familiarize themselves with the sorts of excuses and justifications that are given for the expansion of state power. They can learn argumentation and research so that they are equipped to investigate things on their own instead of requiring that premade conclusions be spoonfed to them. In short, they can shed the naivete and the ignorance that must be present before such horrors can arise.

    Any literate adult with Internet access can do all of these things. The only obstacle they could encounter would be their own laziness or unwillingness. I would say that we have a responsibility to do these things because everything that is good about the way of life that we presently enjoy depends on an informed citizenry. Our civilization is on the decline because people think this does not apply to them, or they think that someone else will take care of it, or they think that the latest celebrity-worship is more important.

    The evil politicians are like organisms in an environment. The environment in which they thrive consists of ignorant people who are far too naive and trusting and do not guard themselves against being deceived. If you set up this sort of environment, those organisms will appear in it and will prosper. Thus, I believe it is the people and their ignorance and lack of priorities that are far more to blame, for they provide fertile soil without which this organism could never succeed. It should be assumed that evil men will come along who will try to take advantage of our way of life to suit their selfish purposes. We should be prepared for this and well-able to deal with it by never rewarding it with the power it seeks to have. We are not. We think our enemies are our friends because they know how to tell us what we want to hear. That is the problem.

  • by davidsyes (765062) on Tuesday April 07, 2009 @08:34PM (#27497961) Homepage Journal

    HAHA... this reminds me of the circa 1997/98 near-bust (or was it an actual bust?) of a famous sports player who got caught up in a Mountain View Police raid on a "massage parlor". His plea to the cops to not be cited or charged was that he wasn't there having sex; he was getting "deep tissue therapy"....

    In hind site, umm, hind SIGHT, ummm, hell, RETROspect, this may have been a form of "deep PACK IT" inspection. If things were non-condomnable, it might have ended up as a 32-bit insemination, vice inscription....

    AND, 32-bit inscription me of CNET Radio, in 99 or 2000 when Desmond Crisis (IIRC) got a call from a lady who had problems with technology. She said something like, "The instructions told me i need a system capable of 32-bit inscription..." Desmond said, "No, Mary, that's 32-bit enCRYPtion. 32-bit inSCRIPtion would be, 'The Lord is my Shepherd'", LOL

    Wow, amazing how all this ties into vices (sex, sportsballers & cops) & biblical things and radio....

  • by severoon (536737) on Tuesday April 07, 2009 @08:39PM (#27497993) Journal
    Is it time for strong encryption of packet payloads yet? ssh? Ostiary [homeunix.net]? However it goes, I'm good...just need to know the new standard for basic web browsing...
  • by Anonymous Coward on Tuesday April 07, 2009 @09:42PM (#27498491)

    "Do you drop random packets? Or do you identify something that's drop-tolerant and delay-tolerant and drop those first?"

    There's no need to look into the packet to tell what the priority should be. Check the header, and see what priority the user gave it, but limit the amount of "high priority" traffic per user if there is congestion. The user doesn't gain anything by "cheating" and labeling their bittorrent or FTP as high priority - all they'll do is hurt their VoIP or streaming video.

    The TCP headers already have a priority field, which is easy to check and is fair. Why would you want to implement a CPU intensive, privacy-violating scheme like DPI to get around that? Only makes sense if you're a marketer, or in the business of selling expensive routers.

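The scheduling rule this comment proposes, as an added Python example that is not part of any comment in the thread: honour the priority marking the sender put in the packet header (in practice the DSCP/TOS bits of the IP header), but cap each user's high-priority bytes under congestion so that mislabelling bulk traffic only squeezes that user's own VoIP. The packets, quota and link capacity are constructed values.

```python
"""Header-marked priority with a per-user high-priority cap. Constructed demo,
not any vendor's scheduler: the sender's own marking is honoured up to a
quota, so a user who marks everything high only starves their own flows."""
from collections import defaultdict

HIGH_QUOTA = 2900  # assumed high-priority bytes per user per scheduling round

def schedule(packets, link_capacity, quota=HIGH_QUOTA):
    """packets: (user, flow, marking, size) in arrival order, marking being
    'high' or 'low' as set by the sender. Returns (sent, dropped) flow lists."""
    high_used = defaultdict(int)
    high, low = [], []
    for user, flow, marking, size in packets:
        # Honour the marking only while the user is under quota; beyond it the
        # packet is demoted to best effort. Nothing in the payload is read.
        if marking == "high" and high_used[user] + size <= quota:
            high_used[user] += size
            high.append((flow, size))
        else:
            low.append((flow, size))
    sent, dropped, remaining = [], [], link_capacity
    for flow, size in high + low:  # high class drains first under congestion
        if size <= remaining:
            remaining -= size
            sent.append(flow)
        else:
            dropped.append(flow)
    return sent, dropped

# Constructed round: alice marks honestly; bob marks everything high.
PACKETS = [
    ("alice", "alice-voip", "high", 200),
    ("alice", "alice-torrent", "low", 1400),
    ("bob", "bob-torrent", "high", 1400),
    ("bob", "bob-torrent", "high", 1400),
    ("bob", "bob-torrent", "high", 1400),  # over quota: demoted
    ("bob", "bob-voip", "high", 200),      # bob already spent his quota on torrent
]

def demo():
    """Run one congested round (link capacity smaller than the offered load)."""
    return schedule(PACKETS, link_capacity=3100)

if __name__ == "__main__":
    sent, dropped = demo()
    print("sent:", sent)        # ['alice-voip', 'bob-torrent', 'bob-torrent']
    print("dropped:", dropped)  # ['alice-torrent', 'bob-torrent', 'bob-voip']
```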
  • by rob_benson (698038) on Tuesday April 07, 2009 @10:31PM (#27498849) Homepage
    I use it for worm control and attack detection on a corporate network: nothing wrong with that at all. It is completely untrue that the only application of DI is for spying or nefarious activity. It's like blaming bit torrent protocol for piracy. Again, it is use of the tool that is the problem.
  • by Anonymous Coward on Tuesday April 07, 2009 @11:25PM (#27499257)

    You, my friend, do not understand human nature.

  • by anonymous cowshed (1503301) on Wednesday April 08, 2009 @04:16AM (#27500639)
    As the DPI box has access to, and holds records of, an extraordinary stream of data that must make it an incredibly tempting target for hackers. What have they put in place to prevent it being compromised?
  • The uneducated .. (Score:2, Insightful)

    by tsreyb (396650) on Thursday April 09, 2009 @12:26AM (#27513815)

    .. boggle my mind.

    Here's what I say to all you paranoid conspiracy freaks ..

    go ahead and encrypt your dang traffic. The Internet companies don't really care about the CONTENT of your traffic.

    Rather, they want to know what TYPE of traffic you're using - file transfer, web browsing, voice, video.

    You think I'm wrong that they don't care about your content. I'm sure you think I'm wrong - because every one of you posting on this thread is f*cking paranoid.

    But I can tell you first hand - they don't give a damn.

    You also don't want them using DPI to sell you stuff, or to hinder access to competing products.

    Fine .. they all provide opt-out capabilities for sales pitches .. and simple legislation would suffice to keep them from slowing down, say, skype, on their network.

    They can do many legit things with this data. For example ..

    1. Yes, they can set the QoS for you, so that video and voice can be allocated high priority, low latency resources, while file transfers can be assigned to more appropriate resources.

    2. They can trend the patterns of traffic in their network, fine tuning it for the type of data being sent, and adding capacity prior to bottlenecks occurring.

    3. They can more precisely understand events on their network - e.g., associating the release of a new version of some browser, or video player, or VOIP tool, or social website, etc. with a sudden rise in traffic on their network.

    For them, it is all about understanding what TYPES of applications run over their network. It is NOT about reading your email or facebook profile - they really couldn't give a sh*t about that.

    So, DPI technology has the potential for abuse? Sure .. and I'm sure some countries will try to take advantage of that.

    Does that frighten you? OK .. then by all means, go ahead and use encryption and port hopping !!! Contrary to what 99.99% of you on this board believe - encryption and port hopping won't prevent DPI and similar technologies from identifying WHAT you're doing. It does hide the content, for sure - which is what you want, right?

    So, buzz off already about this net neuter stuff. You can have your privacy. The companies can have their trending analysis tools. These things are NOT mutually exclusive.
