Slashdot Mirror

← Back to Stories (view on slashdot.org)

An Education In Deep Packet Inspection

Posted by kdawson on from the opening-all-the-envelopes dept.

Deep Packet Inspection, or DPI, is at the heart of the debate over Network Neutrality — this relatively new technology threatens to upset the balance of power among consumers, ISPs, and information suppliers. An anonymous reader notes that the Canadian Privacy Commissioner has published a Web site, for Canadians and others, to educate about DPI technology. Online are a number of essays from different interested parties, ranging from DPI company officers to Internet law specialists to security professionals. The articles are open for comments. Here is the CBC's report on the launch.

31 of 126 comments (clear)

  1. Deep inspection up your authorities by b0ttle · · Score: 5, Funny

    How would the authorities like to be deep inspected?

    1. Re:Deep inspection up your authorities by Anonymous Coward · · Score: 3, Funny

      How would the authorities like to be deep inspected?

      If there's a Slashdot achievement for getting a +5 on a Goatse link, you just missed your chance at it.

    2. Re:Deep inspection up your authorities by causality · · Score: 4, Insightful

      How would the authorities like to be deep inspected?

      That's a good question.

      This summary mentions education about deep packet inspection. To me that's a very simple thing that boils down to a few questions:

      Do you want your ISP and potential unknown/unaccountable parties to be able to easily monitor, intercept, and record some or all of your Internet traffic? Do you want profiles built on this information that will compromise your privacy and could be used to serve advertisements or to micromanage your Internet usage? Do you feel like QoS, which will be the given reason/excuse, is such a good and desirable thing that it's worth all of these disadvantages?

      Like so many things that are not the result of overwhelming customer demand, this is a bad idea that is open to all sorts of abuse.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    3. Re:Deep inspection up your authorities by memorycardfull · · Score: 4, Funny

      When Larry Craig taps his foot that means he is up for a deep inspection if you are...

    4. Re:Deep inspection up your authorities by Anonymous Coward · · Score: 4, Insightful

      it's just going to push more and more protocols to use TLS wrappers and to use random "legit looking" ports (like 20, 21, 80, 443, 110), a la Skype and most IM clients nowadays

      Good luck deep inspecting that crap

    5. Re:Deep inspection up your authorities by causality · · Score: 4, Insightful

      it's just going to push more and more protocols to use TLS wrappers and to use random "legit looking" ports (like 20, 21, 80, 443, 110), a la Skype and most IM clients nowadays Good luck deep inspecting that crap

      That's true. You'd think that "spam vs anti-spam measures" alone or "windows viruses vs windows virus scanners" alone would have taught us, by now, how to recognize an arms race when we're about to start one. This is what I mean when I say that our culture does not value foresight.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    6. Re:Deep inspection up your authorities by HTH+NE1 · · Score: 4, Interesting

      Do you want your ISP and potential unknown/unaccountable parties to be able to easily monitor, intercept, and record some or all of your Internet traffic? Do you want profiles built on this information that will compromise your privacy and could be used to serve advertisements or to micromanage your Internet usage? Do you feel like QoS, which will be the given reason/excuse, is such a good and desirable thing that it's worth all of these disadvantages?

      The Internet will become more like an airport: all your packetages will be subject to inspection without need for a warrant or probable cause and denied travel accordingly.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  2. The description's a little "excited" by davecb · · Score: 4, Insightful

    It's a hacky technology to implement QOS because folks don't like setting the QOS bits and protocol in the headers. Usually because some Microsoft firewall only allows http on port 80 (;-))

    It's the use of it by the famous "men of good will but little understanding" that is bad, plus of course the use of it by men of ill will.

    --dave

    --
    davecb@spamcop.net
    1. Re:The description's a little "excited" by causality · · Score: 4, Insightful

      It's the use of it by the famous "men of good will but little understanding" that is bad, plus of course the use of it by men of ill will.

      The former category is much more dangerous. At least most people recognize ill-will when they see it. By far people with good intentions and no comprehension of the "law of unintended consequences" do more damage to the world than do people with openly evil intentions.

      No politician ever increased state power by saying "I'd like to see this nation become a totalitarian state and you should support me because this law will bring it closer to that goal." They do it by saying "this is for your safety" or "this is to stop terrorism" and the people who mean well and don't understand the damage they can do will eagerly eat that shit up. That's true whether or not the politician himself believes anything he is saying.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    2. Re:The description's a little "excited" by Ungrounded+Lightning · · Score: 4, Interesting

      As I understand it:

      ISPs don't implement the QoS (Type of Service) field because (back before THEY needed it for services) Microsoft deployed an IP stack in Windows that "improved" their own file transfers and other IP traffic by demanding high QoS for everything.

      Because of that (and the threat of bad guys cheating) the ISPs don't trust the field when coming from a customer. So there wasn't a strong driver for implementing QoS in the ISPs and backbone

      IMHO the right solution is for ISPs to:
        - Write service level agreements that guarantee a certain bandwidth of high QoS traffic - for the whole feed to the customer, not per flow.
        - Start honoring the ToS field and policing the data rate at the edge router, and
        - When a packet would be dropped for exceeding the data rate for the enhanced service, instead REWRITE THE ToS FIELD for best-effort delivery (or whatever lower service level seems appropriate) and try to forward it under those terms.

      That way:
        - The ISP doesn't have to classify the flow according to traffic type to give the user high QoS for his critical services.
        - The ISP doesn't have to do a packet-recombine if the packet is fragmented to identify the flow for the trailing fragments (which don't carry the TCP/UDP port number).
        - The user / application can specify what special handling he / it wants.
        - Applications that try to "cheat" can only do so up to the bandwidth cap for the special handling. (But the user paid for that. So he can use his bandwidth for whatever he wants. It's not "cheating" any more.)
        - Excess traffic will still go through as well as it does now.
        - A "cheating" application WILL hurt the user's own really-needs-high-QoS service, giving users and applications providers an incentive not to request excessive QoS. (But it won't hurt ANYBODY ELSE's traffic.)
        - Authors of applications that need high QoS will have an incentive to specify it, since doing so will work.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    3. Re:The description's a little "excited" by causality · · Score: 4, Insightful

      Then again if you follow the train back far enough we can just blame *insert how you think the world came about here* for all evil.

      That's why it makes more sense to look at it in terms of enablers who could have chosen differently. The people could study statecraft and propaganda techniques. They could study dictatorships like the Third Reich or Italy under Mussolini to learn how these leaders came to power by preying on the desperation and the weaknesses of the people. They can familiarize themselves with the sorts of excuses and justifications that are given for the expansion of state power. They can learn argumentation and research so that they are equipped to investigate things on their own instead of requiring that premade conclusions be spoonfed to them. In short, they can shed the naivete and the ignorance that must be present before such horrors can arise.

      Any literate adult with Internet access can do all of these things. The only obstacle they could encounter would be their own laziness or unwillingness. I would say that we have a responsibility to do these things because everything that is good about the way of life that we presently enjoy depends on an informed citizenry. Our civilization is on the decline because people think this does not apply to them, or they think that someone else will take care of it, or they think that the latest celebrity-worship is more important.

      The evil politicians are like organisms in an environment. The environment in which they thrive consists of ignorant people who are far too naive and trusting and do not guard themselves against being deceived. If you set up this sort of environment, those organisms will appear in it and will prosper. Thus, I believe it is the people and their ignorance and lack of priorities that are far more to blame, for they provide fertile soil without which this organism could never succeed. It should be assumed that evil men will come along who will try to take advantage of our way of life to suit their selfish purposes. We should be prepared for this and well-able to deal with it by never rewarding it with the power it seeks to have. We are not. We think our enemies are our friends because they know how to tell us what we want to hear. That is the problem.

      --
      It is a miracle that curiosity survives formal education. - Einstein
  3. 21st Century Government Work by mrbene · · Score: 5, Informative

    Taking a quick look through the content at the government site, I must say I'm surprised. CC licensed content, links to external resources, a collection of international points of view. I'd be truly impressed if they'd managed to get all these folks in a room together.

    Regardless, kudos to Canada for hitting the 21st century.

    And I was doubly impressed to notice the absence of web beacons / analytics scripts.

    1. Re:21st Century Government Work by snowraver1 · · Score: 4, Informative

      Judging by the things that I have viewed by the Gov't of Canada, that seems par for the Course.

      --
      Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
    2. Re:21st Century Government Work by Nerdfest · · Score: 3, Funny

      Well, we do have other problems. ACTA is still on the table, and Bill C-61 is about to pop up again soon. We've recently been blamed by the US as the major source of film piracy.

      It's also snowing.

    3. Re:21st Century Government Work by bencoder · · Score: 4, Funny

      Can they ever get their facts straight?

      What are you talking about? Everyone knows it's the terrorists. It's always been the terrorists. We will fight them with our allies: Canada, China and Russia.

  4. obligatory by Dan667 · · Score: 5, Funny

    inspect this! ... askjdkasjdlajsldkjaskl djaksjdklasjdklajsldaskljdaljdaslkdjalkdjalsdj ... \

    1. Re:obligatory by Em+Emalb · · Score: 5, Funny

      I did not know you could do that with a kielbasa, you dirty, dirty young man.

      --
      Sent from your iPad.
  5. Deep Inspection is not the Problem by rob_benson · · Score: 4, Insightful

    D.I. is neither good or bad, it is the illegal or immoral application of the technology that is the problem. I really am amazed that no-one on a technology site noted that the heart of the debate on net neutrality is free speech, not deep inspection.

    1. Re:Deep Inspection is not the Problem by causality · · Score: 3, Insightful

      D.I. is neither good or bad, it is the illegal or immoral application of the technology that is the problem.

      It's a technology that almost no one wants except for those who are in a position to abuse it. That makes it difficult or impossible to view it as a "neutral" thing.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    2. Re:Deep Inspection is not the Problem by 99BottlesOfBeerInMyF · · Score: 4, Insightful

      It's a technology that almost no one wants except for those who are in a position to abuse it. That makes it difficult or impossible to view it as a "neutral" thing.

      I've seen quite a few "good" uses of DPI, from filtering out content trying to contact worm control channels to gathering statistics on Web site usage for academia. You can use DPI to slow down traffic going to any video hosting site not paying you a kickback or you can use it to filter out a DDoS attack on one of your network's clients. The technology is useful today, but we do need legislation to keep it from being abused.

  6. Deep Panty Inspection by SirBitBucket · · Score: 5, Funny

    Oh, must be in the wrong thread...

  7. Encryption stops this correct? by koan · · Score: 4, Insightful

    Doesn't a good encryption system stop DPI from giving any useful information?

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:Encryption stops this correct? by gsgleason · · Score: 5, Informative

      Yes. If using ssl to secure whatever application is in question, they cannot see past the transport layer.

    2. Re:Encryption stops this correct? by BitterOak · · Score: 4, Insightful

      Doesn't a good encryption system stop DPI from giving any useful information?

      Any useful information? Sure! There is lots of useful information that can be gleaned even when encryption is used. Who are you communicating with? What protocol are you using? By looking at packet timing and packet sizes, much more information can be obtained than you might think, such as: are you web surfing vs. interactive keyboard login? Are you tranferring large files or reading short web pages? And if the structure of the web pages of the target site is known, the size of the packets transferred might even reveal which pages you were visiting. Some have even reported the ability to make educated guesses about keystrokes in interactive sessions based on timing of packets. Admittedly some of these features will have to wait for the next generation of DPI technology, but even today, a great deal of information can be collected.

      --
      If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    3. Re:Encryption stops this correct? by green1 · · Score: 4, Interesting

      They can however arbitrarily assume all encrypted data to be hostile and filter accordingly...

    4. Re:Encryption stops this correct? by click2005 · · Score: 3, Insightful

      I was going to say that wont work very well because of VoIP but as most ISPs are phone companies they probably dont want VoIP working too well either.

      --
      I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
    5. Re:Encryption stops this correct? by gweeks · · Score: 4, Interesting

      Take a look at:

      SSLIA

      Deep packet inspection inside SSL sessions. It's not the only one either.

    6. Re:Encryption stops this correct? by AK+Marc · · Score: 3, Informative

      Doesn't a good encryption system stop DPI from giving any useful information?

      Mostly. However, many DPI boxes are now including heuristics as well. Encrypted stream of 20k in and out to a single IP? Sounds like VoIP to me, toss it in that bucket. Encrypted 10k out and 1M in to a single IP? Sounds like a file download, toss it in that bucket. Encrypted 10k in from 20 hosts and 5k out to 15 hosts? Sounds like P2P, toss it in that bucket. If I can make such guesses easily, someone smarter than me has already coded those in and knows what your encrypted data is. Not what it contains, as that's never the goal of DPI, but what you are using it for. So encrypt it all you want. They'll know what you are up to anyway. Unless you do someting like Tor downloads and then it'll look more like P2P and you'll get even worse performance. Or, as someone else mentioned, if it isn't easily identifiable encryption, then they treat it like the least desired traffic. Hide all you want and they can still get you for it.

      --
      Learn to love Alaska
  8. Your Action, My Reaction by Nom+du+Keyboard · · Score: 4, Interesting

    You go for DPI.
    I go for encryption, SSL, and HTTPS. Even my slowest home system can easily handle this.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  9. Easy Fix by bobbuck · · Score: 3, Interesting

    Charge more for higher QoS. Give a discount for lower QoS.

  10. Re:Your reaction, my re-reaction by GravityStar · · Score: 3, Interesting

    MITM's. The answer to this is SSL ofcourse, and "don't allow SSL exceptions". (Don't run with scissors)

    But there has to be a better way for establishing the 'CA - domain' trust. Why isn't the trust chain 'ICANN CA - country domain operator CA - registrar CA - domain'?

    But first you need DNSSec anyway, otherwise you can validate the PKI chain, but not that everybody is who they say they are. (For example: Registrar CA's should only be valid on DNS records where they are listed as the Registrar.)

    After that, default to https and deprecate http for bonus points.