15 October 2009 | 10,000 views

Deep Packet Inspection Engine Goes Open Source

Check Your Web Security with Acunetix

This is great news, especially for open source tool developers. Deep packet inspection is an extremely niche area and requires great expertise (and a lot of R&D of course).

I hope a new project can spawn from this, it has many interesting applications. I think it’d be a good addition to Wireshark and IDS projects like Snort.

http://opendpi.org/

Deep packet inspection (DPI) hardware can identify an astonishing array of protocols passing across the Internet—up to and including protocols that are rare even to us in the Orbiting HQ (Gadu-Gadu? Manolito? Feidian?). But if you’ve ever wondered just how this can be done, and done at wire speed, wonder no more: Europe’s leading DPI vendor has open-sourced a version of its traffic detection engine.

OpenDPI.org is the new home for ipoque’s open source project; anyone interested can take a look at the code or contribute patches. The goal in this case, though, isn’t so much about crowdsourcing product development but about easing consumer fears about DPI technology.

Klaus Mochalski, CEO of ipoque, explains that “transparency was important for us from the beginning. The lack of transparency from the vendors’ side is widespread in the DPI business. Our thoughts are a bit different and that is why we decided to push this project.”

It can identify a whole range of weird and wonderful protocols including those you’ve never heard of.

The free version is basically a watered down of the commercial product, it’s slow, doesn’t come bundled with some fancy supercomputer grade hardware and can’t handle encrypted transmissions.

I think it will be useful too for people building open source router systems to manage traffic, do traffic shaping and general QoS with much more accuracy (rather than relying on port classification).

The OpenDPI engine, released under the LGPL license, differs from ipoque’s commercial scanning engine in its high-priced DPI hardware. The open-source version is much slower and (more importantly) doesn’t reveal ipoque’s methods for identifying encrypted transmissions. DPI vendors all claim high levels of success at identifying such traffic based on the flow patterns and handshake signatures common to protocols like BitTorrent and Skype, even if they cannot crack the encryption and examine the content of those transmissions.

ipoque apparently wants to convince people that its detection code doesn’t store or examine the actual content being transmitted. The company made the same point in a white paper released last week. “DPI as such has no negative impact on online privacy,” it says. “It is, again, only the applications that may have this impact. Prohibiting DPI as a technology would be just as naive as prohibiting automatic speech recognition because it can be used to eavesdrop on conversations based on content.

Although DPI can be used as a base technology to look at and evaluate the actual content of a network communication, this goes beyond what we understand as DPI as it is used by Internet bandwidth management—the classification of network protocols and applications.”

I hope they keep developing the project, or some other folks in the Open Source community step up and turn it into a full blown development fork.

That would be great, harness the existing technology and improve on it.

Because let’s face it, any commercial company releasing an Open Source branch of their software has no incentive to make it that great lest it get better than the stuff they are selling.

Source: Ars Technica



Recent in Countermeasures:
- isowall – Completely Isolate A Device From The Local Network
- ThreadFix – Vulnerability Aggregation & Management System
- StegExpose – Steganalysis Tool For Detecting Steganography In Images

Related Posts:
- Dr. Morena – Firewall Configuration Testing Tool
- Suricata – Open Source Next Generation Intrusion Detection and Prevention Engine
- Wireshark v1.0.0 Released – Cross Platform Graphical Packet Sniffer

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,243 views
- Password Hasher Firefox Extension - 117,081 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,572 views

Low-cost VPS Hosting

2 Responses to “Deep Packet Inspection Engine Goes Open Source”

  1. Perros 15 October 2009 at 9:39 am Permalink

    Unfortunately, the openDPI stuff they’ve released has really been hamstrung.

    It is only intended as a demo to show what types of data are gathered using DPI:

    “By giving the general public access to parts of our DPI engine, we want to demonstrate that many of the alleged privacy violations simply do not happen in DPI bandwidth management systems.”

    It doesn’t provide the performance or flexibility required to actually perform meaningful DPI.

    Shame.

    -Perros-

  2. ify 27 October 2009 at 12:42 pm Permalink

    how can one buy this softwares