[LINK] Deep Packet Inspection

Kim Holburn kim at holburn.net
Tue Jun 8 18:26:59 AEST 2010


On 2010/Jun/08, at 5:54 PM, Tom Koltai wrote:
> -----Original Message-----
>> From: link-bounces at mailman1.anu.edu.au
>> [mailto:link-bounces at mailman1.anu.edu.au] On Behalf Of Stilgherrian
>> Sent: Monday, 7 June 2010 7:58 AM
>> To: Link list
>> Subject: Re: [LINK] Deep Packet Inspection
> <SNIP>
>>
>> We eventually got this:
>> Telecommunications (Interception and Access) Amendment Bill
>> 2010
>> http://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;adv=yes;db=;group=;holdingType=;id=;orderBy=priority,title;page=0;query=Dataset%3AbillsCurNotBef%20interception;querytype=;rec=4;resCount=Default
>
>>> Here's a direct link to the PDF of the Act as passed.
>>> http://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r4196_aspassed/toc_pdf/09163b01.pdf;fileType=application%2Fpdf
>
>>> This has been passed as Act no 2 of 2010.
>
>>> Someone else will have to read it, 'cos I'll soon be busy this morning.
>
>
> OK - Here we go....
>
> I'm sticking my hand up as an ex-carrier in four countries and an ex-ISP
> in seven.
>
> DPI if used as it was originally designed - is a good thing.
>
> DPI is basically the tool that CSPs require to be informed of the
> traffic flow information on their networks.
> Without understanding the traffic flow, one can't plan or manage.
>
> Reading a header to determine the traffic type is not a breach of
> privacy.

Hi Tom,

I'm sorry, I don't agree with your definition of DPI.  I have run DPI
intrusion detection systems.  They are nothing like routers.  They do
examine the packet contents, albeit in an automated way.  They can be
very useful to detect malware.

Reading headers is not DPI.  It's just what routers do.  DPI is  
examining the contents of packets.
http://en.wikipedia.org/wiki/Deep_packet_inspection
> Deep packet inspection (DPI) is the act of any packet network  
> equipment which is not an endpoint of a communication using
> non-header content (typically the actual payload) for some purpose. This
> is performed as the packet passes an inspection point, searching for  
> protocol non-compliance, viruses, spam, intrusions or predefined  
> criteria to decide what actions to take on the packet, including  
> collecting statistical information. This is in contrast to shallow  
> packet inspection (usually called Stateful Packet Inspection) which  
> just checks the header portion of a packet.[1]
>

You might consider that it's possible to run an application layer
gateway, which also looks at the packet contents. I'm not sure that
this is called DPI either, although I doubt an application layer
gateway would cover all protocols.

> Sorry folks - I insist that DPI in this instance is identical to an
> Australia Post courier sorter/postie looking at the stamp on an
> envelope to see whether the item is airmail or surface mail.
>
> We didn't need the legislation to confirm that. It's been a fact of
> life in most ISPs and Carriers since around 1996.
>
> On the roads we call them traffic lights, on the net we call them
> "traffic shaping", "traffic limiters", "QOS".
>
> Without DPI, the internet would not work. Ipso Factum!
>
> Therefore Journos that discover that their carrier is "Gasp!!! Using
> DPI", need not publish the fact. I think a more newsworthy article
> would be the ISP that has a QOS capable network delivering non broadcast
> stream Video, VOIP and Music streaming without DPI.
>
> DPI is not designed to read the packet contents and a conscientious
> and responsible Telco won't ever go past the header data.

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request
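
The distinction argued in this thread (classifying traffic from header fields versus from packet contents), shown as an added example that is not part of the original message or thread. The packet, addresses, port table and payload signatures are constructed for illustration, and the function names are hypothetical.

```python
import struct

def build_packet(src_port, dst_port, payload):
    """Constructed sample: minimal IPv4 + TCP packet (checksums left as zero)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + tcp + payload

def parse_headers(pkt):
    """Return (protocol, src_port, dst_port, payload_offset) using header bytes only."""
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = pkt[9]                     # 6 = TCP
    if proto != 6 or len(pkt) < ihl + 20:
        return proto, None, None, len(pkt)
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4  # TCP header length in bytes
    return proto, sport, dport, ihl + data_off

# Constructed tables, not taken from any product.
WELL_KNOWN = {25: "smtp", 80: "http", 443: "tls"}
SIGNATURES = [(b"GET ", "http"), (b"POST ", "http"), (b"\x16\x03", "tls"), (b"EHLO ", "smtp")]

def classify_by_header(pkt):
    """Shallow inspection: decides from protocol number and ports, never reads the payload."""
    proto, sport, dport, _ = parse_headers(pkt)
    if proto != 6:
        return "non-tcp"
    return WELL_KNOWN.get(dport) or WELL_KNOWN.get(sport) or "unknown"

def classify_by_payload(pkt):
    """Deep inspection: reads the bytes after the TCP header and matches signatures."""
    _, _, _, off = parse_headers(pkt)
    payload = pkt[off:]
    for prefix, name in SIGNATURES:
        if payload.startswith(prefix):
            return name
    return "unknown"

if __name__ == "__main__":
    request = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    for dport in (80, 8081):
        pkt = build_packet(40000, dport, request)
        print(dport, classify_by_header(pkt), classify_by_payload(pkt))
```

The same HTTP request sent to port 8081 is "unknown" to the header-only classifier and "http" to the payload classifier, which is only possible because the second one reads the contents.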











