×

• • Re: (Score:2)

    by ciurana ( 2603 ) writes:

    What year is this? 1998?
• • Re:dpi looking at images (Score:5, Informative)

    by houstonbofh ( 602064 ) writes: on Sunday May 19, 2019 @12:10PM (#58618540)

    Of course while you are doing that you can also look for people talking about guns, abortion, Christianity, tax avoidance, protests… When ever a politician says something is “for the children” it is absolutely not for the children.

    Reply to This Parent Share

    twitter facebook linkedin

    Flag as Inappropriate
  • Re: (Score:2)

    by Z00L00K ( 682162 ) writes:

    Assuming that the information passed isn’t encrypted that would work.

    But today anyone doing something illegal or immoral would use encrypted channels anyway unless they are complete morons.

    Doing deep packet inspection may however reveal certain data packing structures so that for example TOR traffic or other VPNs can be identified and possibly diverted or blocked.
  • You are not law enforcement. (Score:1)

    by Anonymous Coward writes:

    You are common carriers!

    It is not your right to perform vigilante law enforcement. That’s what cops are for. They can walk the online beat just as well. And even they do not get to judge. The actual judgle does that.

    You can go to prison for doing that offline.

    Besides: Since we are not ruled by Catholibans (closeted child rapists projecting their perversions onto society) over here, it is perfectly fine to own pictures of your children on the bathtub or on the beach, being completely naked like nature intend
  • Re: (Score:2)

    by guruevi ( 827432 ) writes:

    It is already done, hence why they know when you are torrenting or doing something against the state or other corporate interest. There is no money in politics to be made of child abuse enforcement, you generate some goodwill but there is no division so you won’t gain votes and the victims don’t have the means to lobby (bribe), hence nothing will ever be done about it.
• • Re: (Score:2)

    by iggymanz ( 596061 ) writes:

    You are funny, the government requires this to be done and they are the ones who get to define what “legal” is. Power and money grubbing scum in the pockets of large corporations define and enforce your laws. Don’t you ever forget it.
  • Re: (Score:2)

    by houstonbofh ( 602064 ) writes:

    You did not even have the read the article…
    “some telecom regulators appear to be pushing for the legalization of DPI technology.”
    Governments love making exceptions to the laws the rest of us must follow.
• Honest question (Score:2)

  by fluffernutter ( 1411889 ) writes:

  Honest question, doesn’t use of a VPN service make all this moot? They can’t deeply inspect encrypted packets can they?

  • Re: (Score:2)

    by houstonbofh ( 602064 ) writes:

    This is assuming a few things. One is that the VPN is secure. And the other is that the VPN is legal. If you think this will remain likely, just look at what happens to encrypted email services…
  • Re: (Score:2)

    by Z00L00K ( 682162 ) writes:

    They could be able to do a man in the middle attack, but they could use it just to track down your VPN and then maybe induce patterns that could be detected at the VPN exit node – like fiddling with the latency of the packets. That could be enough to connect you to a certain pattern.

    Not many would really be able to see if there are appearantly random delays of the packets and rather file that under congested VPN server or internet link somewhere.
  • Re:Honest question (Score:5, Informative)

    by lkcl ( 517947 ) writes: <lkcl@lkcl.net> on Sunday May 19, 2019 @12:57PM (#58618760) Homepage

    Honest question, doesn’t use of a VPN service make all this moot? They can’t deeply inspect encrypted packets can they?

    no, however the ISP will typically have access to the data coming *from* the VPN, to the server on their network, and that’s not going to be encrypted by the VPN service, is it?

    i worked for a company that developed DPI, and it was basically necessary as part of a rush-botched EU “Data Retention” Law that required ISPs to keep accurate metadata records of all traffic going through their network for up to ONE YEAR.

    can you even imagine how insane that is, and how much information needed to be collected? a big ISP would be looking at the order of what… several hundred thousand packets per second, where at least 20-30 separate and distinct “scripts” (what’s the DNS name being requested, what’s the src IP of this HTTPS request, is it a new connection or an old one?) need to be run on *each packet*.

    the processing and storage requirements are just off the charts.

    but let’s be clear about this: the reason why the ISPs are collecting metadata is BECAUSE EU LAW REQUIRED THEM TO.

    the thing is: there’s not actually a lot that can actually be detected (usefully) about any given “individual”. src IP, dest IP, src port, and given that a lot of traffic is encrypted it’s not actually that useful to go into the actual data stream – that’s even if it can be reconstructed (stateful connections we found particularly hard to reconstruct, given that this is *real-time* processing we’re talking about).

    what DPI *is* useful for is not the metadata collection about *people*, it’s extremely useful to detect DDOS attacks, low-probability hacking attempts (repeated persistent below-the-radar logins over several months). that kind of information, particularly when coordinated globally from different points, is actually useful to keeping the infrastructure of the internet actually running and free from major DDOS and other attacks. that was the business that my client was in, and it was why (as an ethical software engineer) i was happy to help them.

    Reply to This Parent Share

    twitter facebook linkedin

    Flag as Inappropriate
• DPI is looking inside the envelope to deliver mail (Score:3, Insightful)

  by Anonymous Coward writes: on Sunday May 19, 2019 @11:50AM (#58618472)

  It should simply be illegal. The only information you need is in the IP header (not even the TCP or UDP header).

  Reply to This Share

  twitter facebook linkedin

  Flag as Inappropriate

  • Re: (Score:1)

    by JoeyDot ( 5981942 ) writes:

    Having worked in an ISP, there are some good reasons to have DPI and it’s really not possible to entirely make it impossible for abuse to occur by removing the mechanism. If you do that you’ll soon get to the point of having nothing left but an empty space and you can’t provide an ISP service with absolutely nothing. It’s a mistake sometimes to attack the mechanism and not the abuse. The IP header alone is potentially enough to to cause problems. While it’s very important to safeguard consumers, there’s a p
• Encrypted connections? (Score:2)

  by PPH ( 736903 ) writes:

  So some ISP manages to crack encrypted connections and examine network traffic. Because of ‘Muh kids’ and CP. But they inadvertently get a peek at some classified communications.

  Question: Who at the ISP in question gets thrown in the cell next to Chelsea Manning?
• Qwest CEO (Score:4, Interesting)

  by ArchieBunker ( 132337 ) writes: on Sunday May 19, 2019 @12:26PM (#58618626) Homepage

  Here’s what happens when you don’t play ball with Uncle Sam. https://www.eff.org/deeplinks/… [eff.org]

  Reply to This Share

  twitter facebook linkedin

  Flag as Inappropriate

  • Re: (Score:1)

    by Anonymous Coward writes:

    This kinda stuff is perfect for voir dire. Prosecutors hate it when you tell them you might not follow the law, and then cite past examples of law enforcement not following the law. SS illegally hard wired a phone tap to my line back in the 90’s during Operation Sun Devil, and now I get to tell that story in court. It’s perfect. Peremptory challenge, please, and thank you!
• • • • Re: (Score:2)

        by guruevi ( 827432 ) writes:

        Home ISP’s block ports 1-1024 to prevent hosting servers on a ‘home’ connection. They also (sometimes) block/firewall other protocols as a service so they don’t get in trouble themselves (eg. a bare port 25 outgoing to non-commercial network ranges may be blocked)
  • • • Re: (Score:1)

        by Anonymous Coward writes:

        They shouldn’t look at ports. QoS is an excuse for not eliminating congestion. Without congestion, QoS is unnecessary. If you can keep “voip and interactive things” working despite congestion, then this makes it easier to not deliver the bandwidth you sold.
• Deep packet inspection v. packet manipulation (Score:2)

  by niftymitch ( 1625721 ) writes:

  Deep packet inspection is part and parcel to packet manipulation even packet editing.

  Destination IP and MAC addresses can be edited.
  URIs can be edited (yes check sums scrubbed clean).

  Source and services can be routed through a SIP (serial line IP) 2400 baud network link if they like.

  While hard to do them all … traffic classification and shaping to good and bad ends are quite
  possible.

  The only reason to inspect packets is to make decisions and shape traffic.
  Traffic shaping by ISPs that are also content pro
• VPNs should become standard (Score:2)

  by VeryFluffyBunny ( 5037285 ) writes:

  Everyone should use a VPN. VPNs should be independent services, especially from ISPs, & preferably outside your own government’s jurisdiction & intelligence sharing agreements. I can see countries with strict privacy laws like Switzerland being popular for this.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.