Pages

Pages

Tuesday, August 05, 2008

Inspecting the inspectors - reverse-engineering DPI

In October last year, after Comcast's heavy-handed DPI backfired, I wrote "I'm expecting quite a lot of Comcast-type attempts to be outed by people monitoring traffic flows and reverse-engineering what's causing problems."

Well, I see that a throttling detector has now been formally launched by the EFF.

I'm expecting Keynote-type live reports on ISP traffic-shaping tactics to emerge over the next year or two.

Eventually, it'll be a bit like a weather forecast "We're expecting some heavy VoIP blocking by ISP#1 this afternoon, with patches of throttled BitTorrent on ISPs #2-7 through the rest of tonight. The weekend looks pretty good though, with new neutrality laws from the US Congress and the European Commission coming into force on Friday evening".

3 comments:

  1. Anonymous11:59 pm

    Well, I suppose maybe this flags the folks who use DPI out-of-line and use RSTs and similar methods. But how will one flag the vast majority of DPI users who deploy in-line, in a fully transparent mode?

    ReplyDelete
  2. What's an RST?

    Also, by "fully transparent mode" do you mean one in which DPI is just examining packets/flows but not actually enforcing some sort of traffic management policy?

    Aside from some privacy issues, most people don't have an issue with service providers *watching* what is flowing on their networks, as it potentially allows them to provide better services in future.

    What's problematic is the use of traffic-shaping or application-blocking when the specific policies are not published openly.

    If an operator says "unlimited downloads, but BitTorrent throttled to 100kbit/s" or "no Skype" then that's clear & customers can make a choice to take their business elsewhere. What's unacceptable is fo service providers to actively degrade flows without advising their customers in advance.

    ReplyDelete
  3. Anonymous12:09 pm

    Dean,

    I completely agree with you!
    Monitoring ok. But manipulating traffic without being honest about it is just plain wrong and should not be accepted.

    Are there already watchdog sites out there that publish who's (ISP's) doing this and who is not?

    Edsard

    ReplyDelete