Know the Enemy's Capabilities

Discussion in 'Resources' started by Hechicera, Aug 7, 2009.

  1. Hechicera Member

    The term "deep packet inspection" is what has been talked about as the source of Iran's strong network censorship. There are other keywords you should watch to see when this technology is present: "payload" inspection and "Layer 7" inspection. This technology is being rapidly developed and marketed by more than one company, and they have set up an industry organization to promote its use.

    Three leading companies:
    Qosmos: QOSMOS - Network Intelligence - Deep Packet Inspection
    Narus: Narus
    Ipoque: ipoque :: Bandwidth Management with Deep Packet Inspection - DPI

    Note that all are fully programmable and interface with other applications. So capabilities of a system as sold "off the shelf" can be modified and enhanced by the purchaser. Reading a white paper spec. on system capabilities and assuming it doesn't have a certain capability could be a bad assumption. One application they mostly claim to provide integration with is this one:

    NetWitness - Total Network Knowledge™

    Other things of note:
    Narus' installed base:
    Narus Customer Profile

    Is there a glowy dot near you? Read the webpages, check out the companies which partner them. Be aware of privacy laws in your own country, and how they apply to network traffic. Most are not as strong as you think, and all need to be updated in some areas to cover new technology.

    Here is the industry webpage:
    Read their propaganda. Read the advice to lawyers, to ISPs. Read the marketing.
  2. This is not news


    This has been going on for about 15 years now (for IP-based traffic), so why the surprise? The tools are security tools. One can hardly hold the designers, manufacturers and companies accountable for the actions of a rogue regime, let alone for selling the wares that the marketplace demanded. For breaking sanctions, yes, nail them to the wall.

    Back in the day I personally helped design some of the early equipment and deployments in the USA; in fact, I even tried to warn crypto users that their traffic was vulnerable, and was pretty much told on this list I did know of which I speak, so I am even reluctant to post. Yes, I feel bad for the green men/women, but not sorry for them, as they let it get this far; now we just sit and watch their precious Iran eat itself.

    IP Technologies White Papers
    Algorithms for Packet Classification
    Overview: The process of categorizing packets into "flows" in an Internet router is called packet classification. All packets belonging to the same flow obey a pre-defined rule and are processed in a similar manner by the router. For example, all packets with the same source and destination IP addresses may be defined to form a flow. Packet classification is needed for non "best-effort" services, such as firewalls and quality of service; services that require the capability to distinguish and isolate traffic in different flows for suitable processing. In general, packet classification on multiple fields is a difficult problem. Hence, researchers have proposed a variety of algorithms which, broadly speaking, can be categorized as "basic search algorithms," geometric algorithms, heuristic algorithms, or hardware-specific search algorithms. This white paper describes the algorithms that are representative of each category, and discusses which type of algorithm might be suitable for different applications.

    Algorithms for Packet Classification from Stanford Knowledgebase White Papers at

    Then to decryption after classification

    pick a suitable product:

    Security Products for Embedded Computing | Military Embedded Systems

    And voilà, clear-text data for forensic investigation.
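    The classification step the white paper overview quoted in the post above describes, as an added example that is not code from the thread or from the Stanford paper: a "basic search" classifier that walks an ordered rule list over the 5-tuple and groups packets into flows. The rule set, the packet samples and the address ranges are all constructed for the illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One 5-tuple rule; rules are searched linearly, first match wins."""
    name: str
    action: str                # e.g. "allow", "deny", "qos:high"
    src: str = "0.0.0.0/0"     # CIDR prefix for the source address
    dst: str = "0.0.0.0/0"     # CIDR prefix for the destination address
    proto: int = 0             # IP protocol number, 0 = any
    dport: tuple = (0, 65535)  # inclusive destination-port range

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in (0, pkt["proto"])
                and self.dport[0] <= pkt["dport"] <= self.dport[1])

def classify(pkt: dict, rules: list) -> tuple:
    """Basic linear search: first matching rule decides; uncovered packets are best-effort."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.name, rule.action
    return "default", "best-effort"

def flow_key(pkt: dict) -> tuple:
    """Flow identity: the paper's src/dst-address example extended to the 5-tuple."""
    return (pkt["src"], pkt["dst"], pkt["proto"], pkt["sport"], pkt["dport"])

# Constructed, hypothetical policy. Order matters: the telnet deny must come
# before the broad TCP allow for the same 10.0.0.0/8 destinations.
RULES = [
    Rule("block-telnet", "deny", dst="10.0.0.0/8", proto=6, dport=(23, 23)),
    Rule("voip-priority", "qos:high", proto=17, dport=(16384, 32767)),
    Rule("intranet-tcp", "allow", dst="10.0.0.0/8", proto=6),
]

# Constructed sample packets using documentation address ranges, not real hosts.
PACKETS = [
    {"src": "192.0.2.10", "dst": "10.1.1.5", "proto": 6, "sport": 40001, "dport": 23},
    {"src": "192.0.2.10", "dst": "10.1.1.5", "proto": 6, "sport": 40002, "dport": 80},
    {"src": "192.0.2.10", "dst": "10.1.1.5", "proto": 6, "sport": 40002, "dport": 80},
    {"src": "192.0.2.20", "dst": "10.1.1.6", "proto": 17, "sport": 20000, "dport": 20000},
    {"src": "192.0.2.30", "dst": "198.51.100.7", "proto": 6, "sport": 5555, "dport": 8080},
]

def flows(packets=PACKETS) -> Counter:
    """Packets per flow; packets with equal 5-tuples collapse into one flow."""
    return Counter(flow_key(p) for p in packets)
```

    Reversing the rule list lets the broad allow shadow the telnet deny, which is the ordering mistake a reviewer of such a policy looks for first.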
  3. Hechicera Member

    I realize it is not new. But the ability to monitor traffic at Layer 7 while maintaining fast transmission speeds is new. The programmable nature of their interfaces is new. The laws have not caught up, anywhere. Like you said, most people don't realize many ISPs (and likely every savvy intelligence agency) can inspect every layer now in real time against heuristics.

    Fifteen years ago is about when I was at Northern Telecom & Sprint. Some of these tools may be being used for standard admin tasks, but they are being installed everywhere and laws vary on acceptable use. Iran could have gotten quite powerful programmable censorship tools and just stated it was for "packet shaping and efficiency" not even legal intercept.

    I am just passing out information on the subject. Now is the time to become educated and understand the technology, its good uses and bad uses. Not everyone will have the same opinion. File sharers will be more upset about "packet-shaping" and "monetizing traffic" than non-file-sharers, for example. But lawyers are gearing up in industry groups to pass laws that allow extensive inspection of Layer 7 as routine. I think network users should understand what this means. Laws will also vary across the world.

    What is an appropriate law for your country? Does it have it? How is monitoring of ISPs' compliance, to ensure they aren't exceeding the law (by illegal request or for profit motive), handled by law? Is export of this technology covered? Is it covered under all the keywords that can be used for the technology?

    If we can't put this genie back in the bottle, what can be done to ensure use consistent with free speech in open countries and limit its abuse under repressive regimes?
  4. Hech,

    Should have guessed by the Research Triangle address; I spent my fair share of time between Ottawa and Toronto in the late nineties before NT crashed, and it appears to be still burning.
  5. Hechicera Member

    Yes, the ex-Nortel employee support group here is *huge* ... and growing. :( I actually left pharmaceutical/medical computing for Nortel, way back when. Then I got out early to Sprint, many of my friends did not. :(
  6. CradleOfCiv Member

    Haha.. Still Nortel here.. Hi guys :D Lend me a hand on the unemployment queue, will you ;)

    As a sympathizer of the Pirate Party of Sweden, I must say I am against looking at anything in the packets other than the IP address... definitely not Layer 7... All info is created equal and endowed by its creators with certain unalienable rights, among which are time-to-live, the don't-fragment bit and destination IP... Even porn.
  7. Retard.
