and from the "No taps for you" department...

Tue, 15 Jan 2008 15:06:53 +0000

This one is a beauty - on Jan. 10th of this month, the ACLU issued a statement that reported that a FBI wiretap was "unplugged" due to a lack of payment. The ACLU is quick to point out that this action was taken from the same telecoms that permitted the tap without the proper approvals...

From Michael German, ACLU National Security Policy Counsel: "It seems the telecoms, who are claiming they were just being "good patriots" when they allowed the government to spy on us without warrants, are more than willing to pull the plug on national security investigations when the government falls behind on its bills."

Adam "voiploser" Uzelac
DISCLAIMER: The comments here are mine only. They don't necessarily reflect intelligence, refined thoughts, or anything that the reader should take too seriously. Should the reader expect a polished thought process in the content addressed here, then a strong dose of medication should be prescribed to address that misconception.

Ready for a scary thing? Deep Packet Inspection!

Thu, 02 Aug 2007 18:57:49 +0000

According to Wikipedia Deep Packet Inspection is “a form of computer network packet filtering that examines the data part of a through-passing packet, searching for non-protocol compliance or predefined criteria to decide if the packet can pass. This is in contrast to shallow packet inspection (usually called just packet inspection) which just checks the header portion of a packet.”

First off, this is a very real technology. A quick search via google brought the company Bivio Networks to my attention. (* Disclaimer: I have no interest, financial or otherwise with this company.) Bivio’s 7000 series claims that
“when fully configured, the 7000's application processing subsystem offers 45,000 MIPS -- enough to run "any IP network service" at wire speeds up to 10Gbps -- including IDS/IDP, firewalling, VPN, network surveillance, lawful interception, and application traffic management. Developers can use any of the standard Linux components (such as iptables) as part of their deep packet processing applications.

Now let’s look at some of the implications of DPI. A very interesting article on here from ars technica puts things in an interesting light:

“Imagine a device that sits inline in a major ISP's network and can throttle P2P traffic at differing levels depending on the time of day. Imagine a device that allows one user access only to e-mail and the Web while allowing a higher-paying user to use VoIP and BitTorrent. Imagine a device that protects against distributed denial of service (DDoS) attacks, scans for viruses passing across the network, and siphons off requested traffic for law enforcement analysis. Imagine all of this being done in real time, for 900,000 simultaneous users, and you get a sense of the power of deep packet inspection (DPI) network appliances.
Although the technology isn't yet common knowledge among consumers, DPI already gives network neutrality backers nightmares and enables American ISPs to comply with CALEA (government-ordered Internet wiretaps) reporting requirements. It also just might save the Internet (depending on who you believe). “
The power of this technology is simply awesome, and the impacts it can have are serious. The current state of government mandated network monitoring forces some network operators to consider implementing this. One word jumps to my mind, and that’s SCARY – and I am not referring to my driver’s license picture either!

By the way, did I mention that the above Bivio 7000 is listed at $10,000!

IP Convergence: Beyond VoIP, Beyond Cost Savings - Security

and from the "No taps for you" department...

Ready for a scary thing? Deep Packet Inspection!