NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information

 


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: "Deep Packet Inspection" Trade Group


One question, however:

But is it, should it be, or can it be the ISPs responsibility to block
attacks both outbound and inbound?  As a security person, my answer is
a big YES, because thats what we do on corporate networks, and better
net hygiene would be better for all.

The problem is feature creep on DPI, not that you CAN do DPI, as the
same framework (eg, the Bro IDS) that you use to block attacks can be
the same framework to go a huge number of games (such as mining URLs
to build a profile of a user to determine which advertisements to
inject, and do that injecting if you have an inline-version) that most
sane people, me included, would call Pure Evil (tm).

Also, DPI is somewhat of a red herring in this debate: much of the
interestingly dangerous stuff the ISP might want to do, such as
discriminatory traffic behavior for VoIP to reduce competition with
the ISPs offering, or blocking P2P applications, can be done with
traffic analysis on headers, and in many cases with just Netflow data.