31 Jul 2008 17:29

Public and private entities can use deep packet inspection to analyse internet users' traffic, with potentially serious ramifications for privacy and the nature of the web

Anyone who uses the internet needs to be aware of deep packet inspection, its uses and potential misuses.

You may recognise deep packet inspection (DPI) as something internet service providers (ISPs) use to conform to the Communications Assistance for Law Enforcement Act (Calea), the US government-ordered internet wire-tapping directive. If that's not enough, DPI, albeit behind the scenes, allows ISPs to block, shape, and prioritise traffic, which is now fuelling the net-neutrality-versus-traffic-priority debate. So, what is DPI and how does it work?

Deep packet inspection
DPI is next-generation technology that's capable of inspecting every byte of every packet that passes through the DPI device. That means packet headers, types of applications and actual packet content.

Up until now, this wasn't possible with intrusion-detection or intrusion-prevention systems (IDS/IPS) or stateful firewalls. The difference is that DPI has the ability to inspect traffic at layers 2 through to 7 — hence the 'deep' in DPI.

A simple analogy would be that of snail mail. IDS/IPS firewalls would be the mail sorters who just read the letter's address, knowing nothing about the letter's content. Inspecting internet traffic from layers 2 through to 7 would correspond to the person who actually reads the letter and understands the contents.

To recap, DPI allows the people controlling the device to know everything, including the payload of each packet in the data stream. For example, if an unencrypted email is scanned, the actual body of the email can be reassembled and read.

Nate Anderson wrote an excellent Ars Technica article, Deep packet inspection meets net neutrality, Calea, in which the following quote appears:

"Deep packet inspection refers to the fact that these boxes don't simply look at the header information as packets pass through them. Rather, they move beyond the IP and TCP header information to look at the payload of the packet. The goal is to identify the applications being used on the network, but some of these devices can go much further; those from a company propecia baldness hair loss like Narus, for instance, can look inside all traffic from a specific IP address, pick out the HTTP traffic, then drill even further down to capture only traffic headed to and from Gmail, and can even reassemble emails as they are typed out by the user."

Anderson also explained what happens at layer 7:

"Layer 7 is the application layer, the actual messages sent across the internet by programs like Firefox or Skype or Azureus. By stripping off the headers, deep-packet-inspection devices can use the resulting payload to identify the program or service being used. Procera, for instance, claims to detect more than 300 application protocol signatures, including BitTorrent, HTTP, FTP, SMTP and SSH. Ellacoya reps tell Ars that their boxes can look deeper than the protocol, identifying particular HTTP traffic generated by YouTube and Flickr, for instance. Of course, the identification of these protocols can be used to generate traffic-shaping rules or restrictions."

What makes DPI all the more impressive is that the packet analysis happens in real-time, with data stream throughput approaching 20-30Gbps. With no loss of throughput, ISPs are able to insert these devices directly in their data streams, forcing all traffic to pass through the devices. Procera, Narus, and Ellacoya are front-runners in the development of this technology, having placed equipment throughout the world.

DPI's potential uses
DPI technology is unique in that, as of now, it's the only way to accomplish certain US governmental security directives. DPI also has the potential to do a great deal of good. For example, distributed denial-of-service (DDoS) attacks are virtually impossible to thwart. Conceivably, if DPI were in place and configured correctly, it would detect the DDoS packets and filter them out. Some more potential uses are listed below:

• Network security: DPI's ability to inspect data streams at such a granular level may prevent viruses and spyware from either gaining entrance to a network or leaving it
• Network access: DPI creates conditions where network-access rules are easy to enforce due to the deep inspection of packets
• Calea compliance: DPI technology augments traffic-access-points technology used initially for governmental surveillance equipment
• Enforcement of service-level agreements: ISPs can use DPI to ensure that their acceptable-use policy is enforced. For example, DPI can locate illegal content or abnormal bandwidth usage
• Quality of service: P2P traffic gives ISPs a great deal of trouble. DPI would allow the ISP to instigate traffic control and bandwidth allocation
• Tailored service: DPI allows ISPs to create different services plans, which means users would pay for a certain amount of bandwidth and traffic priority. This point is controversial and affects net neutrality
• DRM enforcement: DPI has the ability to filter traffic to remove copyrighted material. There's immense pressure from the music and film industries to make ISPs responsible for curtailing illegal distribution of copyrighted material

The above applications have the potential to give users a better internet experience. Yet it wouldn't take much mission creep to create major privacy concerns. It would be remiss if these were not pointed out so that everyone can understand the ramifications.

Possible misuses of DPI
DPI is another innovative technology that has ISPs arguing with privacy advocates. ISPs and DPI developers are adamant that the technology is benign and will create a better internet experience. However, privacy groups have two major concerns: that there would be little or no oversight, and the potential for losing still more individual privacy. Many experts find the following uses of DPI to be especially troubling:

• Traffic shaping: Traffic shaping is where certain traffic or entities get priority and a predetermined amount of bandwidth. With the increasing number of bandwidth-hungry applications, ISPs are having to make decisions on whether to increase available bandwidth with infrastructure build-out or increase control of the existing bandwidth. Installing a DPI system is usually the choice, as it's cheaper and has a more predictable return on investment. Albeit cheaper, it's riskier, and that may be why the net-neutrality debate is going on at the moment 
• Behavioural targeting: Behavioural targeting uses DPI technology for the sole purpose of harvesting user information anonymously — supposedly — and selling it to interested parties who use the information to create ads that are targeted to the individual

Final thoughts
This is a very complex subject, with the potential to change everyone's view of the internet. An optimist would say that DPI will help enhance the experience, even producing ads that are relevant to each individual user. However, a pessimist may say it's Big-Brother technology that only benefits ISPs. No-one is sure how the internet will look when the dust settles around the issue of DPI, but it should be interesting.

Michael Kassner is a network field engineer and independent wireless consultant.

I don't know about you, but one thing I cannot stand is when my computer does something without my permission! Have you ever been working on your computer propecia baby when a little screen pops up telling you an update has been installed? It usually tells you your computer needs to be restarted and if you don't click “Restart Later,” your computer will automatically restart after one minute.

I tell you what, that little window has caused me so much trouble! There have been times when I have walked away from something I was working on, only to come back and find out my system has restarted on its own and all of my work is gone. How frustrating!

Well, today, I'm happy to let you know that I have found a way to get rid of that pesky annoyance for good! This week's free download is called Auto Reboot Setter and it makes that pop up window go away for good. Just install the program and your computer will no longer shut down without your permission. Yes!

You can download Auto Reboot Setter for yourself right here. Just click on Run and choose Disable Auto Reboot. Enjoy!

This week's security article will be a little bit different, but it's definitely worth the read! I know I spend a lot of time telling people what to do to keep their computers safe. I always tell people to keep programs up to date, never reply to spam and keep a good set of security tools available. That's what you should do, but what if you don't? What if you replied to every spam message you ever received? What would happen to your computer and your identity?

Well, I found a very interesting experiment that aimed to find the answers to those very questions. The project is called the Spammed Persistently All Month (S.P.A.M) Experiment. The study was put together by the McAfee security company and it found some very interesting results.

The experiment was conducted all over the world by 50 different volunteers. McAfee gave each of those people a brand new computer with no antivirus or spam filtering software. They were also given a PayPal account to make payments for items they decided to investigate. Each of the volunteers in the experiment were told to respond to every spam e-mail they received. They were also told to visit "bad" Web sites and follow through with phishing e-mails propecia anger they received. The results were unbelievable!

Most of the volunteers were left with computers that would barely function, e-mail boxes that were crammed with spam and mail showing up at their front door addressed to the fake names they used for the experiment. The U.S. volunteers received 23,233 spam e-mails by the end of the one month study. That was the most compared to the rest of the world. Eighteen percent of the e-mails were phishing e-mails and the largest amount was in English.

The study shows exactly what happens if you're not careful on the Internet. It's not hard to have your computer completely taken over by junk!

If you want to read more about the S.P.A.M Experiment, you can visit the Web site where each of the volunteers kept a blog. They wrote about their experiences daily. You can check it all out right here. Until next time, stay safe out there, my friends!

Q:
You've gone over how to create a shutdown shortcut for both Windows XP and Vista, but what about a restart shortcut? Is it possible to make one of those too?

A:
Oooh, great question! First of all, you're absolutely right. In recent newsletters, we here at WorldStart have told you how to create a shortcut to shut propecia and shedding down your Windows XP or Windows Vista computer. If you happened to miss out on those two tips, you can read here for XP and here for Vista. Both have similar instructions, but it's very important to follow along with the directions for the operating system you use. Otherwise, who knows what you might create!

Now, since you now know how to quickly shut your computer down, wouldn't it be nice to be able to restart it just as fast? You know, maybe your computer froze up on you and you need a speedy escape route. Or, perhaps you're just trying to restart your computer after a program install. Either way, there is, in fact, an easy way to create a restart shortcut for your computer as well. I'll go over the directions for XP first and then move on to Vista.

In Windows XP, right click on your desktop and go to New, Shortcut. In the wizard box for "Type the location of the item," enter this in: %windir%\System32\shutdown.exe -r. (It may be best to copy and paste that into the box to make sure you have it correct). Click Next when you're done and then Finish to complete the process.

In Windows Vista, right click on your desktop and go to New, Shortcut. You will then see the New Shortcut wizard pop up on your screen. The first box will ask you for the location of your shortcut. In the box, type "shutdown.exe -r -t 01" (without the quotations). Then just simply hit the Next button to finish out the process.

No matter which operating system you use, you will now see a new icon on your desktop and you can test it out by double clicking on it. Once you do, your computer will restart for you, just like it would if you went to Start, Restart. You can also rename your shortcut by right clicking on it and choosing Rename. You can name it whatever you'd like. I went the simple route and named mine "Restart," but I'm sure you can come up with something a little more clever!

Either way, you now have a restart shortcut for your computer, just like you wanted. I bet your computer has the fastest shutdown and restart times in town and I don't know about you, but I don't think it gets any better than that!

I love to find lyrics to songs I like. I feel I can get a better understanding of the song or I can double check a lyric to make sure I heard it right. But the one thing I have always hated about lyric Web sites is all the pop ups you have to wade through. Well, not anymore. Now, there's lyricsfly!

And as far as lyric sites go, let me tell you, I’m in love! Not only can you search by Artist, Song, Album or Lyrics, but you can submit lyrics, correct lyrics and so much more.

You all know I love Charlotte Martin, so the first thing I did was an Artist search to see if any of her songs' lyrics made it on the site. I was happy to find Wild Horses.

On the page with the lyrics, you’ll find propecia and receding hairline that you can Print, E-mail, Correct and even Delete the lyrics. You will also find that they list similar artists and sometimes, there will even be an MP3 file you can listen to.

Under the Info tab, you’ll learn about ways to better search for the lyrics you're looking for. You will also find information about the Web site and its goals.