Deep Packet Inspection Engine Goes Open Source

Outsmart Malicious Hackers


This is great news, especially for open source tool developers. Deep packet inspection is an extremely niche area and requires great expertise (and a lot of R&D of course).

I hope a new project can spawn from this, it has many interesting applications. I think it’d be a good addition to Wireshark and IDS projects like Snort.

http://opendpi.org/

Deep packet inspection (DPI) hardware can identify an astonishing array of protocols passing across the Internet—up to and including protocols that are rare even to us in the Orbiting HQ (Gadu-Gadu? Manolito? Feidian?). But if you’ve ever wondered just how this can be done, and done at wire speed, wonder no more: Europe’s leading DPI vendor has open-sourced a version of its traffic detection engine.

OpenDPI.org is the new home for ipoque’s open source project; anyone interested can take a look at the code or contribute patches. The goal in this case, though, isn’t so much about crowdsourcing product development but about easing consumer fears about DPI technology.

Klaus Mochalski, CEO of ipoque, explains that “transparency was important for us from the beginning. The lack of transparency from the vendors’ side is widespread in the DPI business. Our thoughts are a bit different and that is why we decided to push this project.”

It can identify a whole range of weird and wonderful protocols including those you’ve never heard of.

The free version is basically a watered down of the commercial product, it’s slow, doesn’t come bundled with some fancy supercomputer grade hardware and can’t handle encrypted transmissions.

I think it will be useful too for people building open source router systems to manage traffic, do traffic shaping and general QoS with much more accuracy (rather than relying on port classification).

The OpenDPI engine, released under the LGPL license, differs from ipoque’s commercial scanning engine in its high-priced DPI hardware. The open-source version is much slower and (more importantly) doesn’t reveal ipoque’s methods for identifying encrypted transmissions. DPI vendors all claim high levels of success at identifying such traffic based on the flow patterns and handshake signatures common to protocols like BitTorrent and Skype, even if they cannot crack the encryption and examine the content of those transmissions.

ipoque apparently wants to convince people that its detection code doesn’t store or examine the actual content being transmitted. The company made the same point in a white paper released last week. “DPI as such has no negative impact on online privacy,” it says. “It is, again, only the applications that may have this impact. Prohibiting DPI as a technology would be just as naive as prohibiting automatic speech recognition because it can be used to eavesdrop on conversations based on content.

Although DPI can be used as a base technology to look at and evaluate the actual content of a network communication, this goes beyond what we understand as DPI as it is used by Internet bandwidth management—the classification of network protocols and applications.”

I hope they keep developing the project, or some other folks in the Open Source community step up and turn it into a full blown development fork.

That would be great, harness the existing technology and improve on it.

Because let’s face it, any commercial company releasing an Open Source branch of their software has no incentive to make it that great lest it get better than the stuff they are selling.

Source: Ars Technica

Posted in: Countermeasures, Forensics, Hacking Tools, Networking Hacking, Security Software

,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


2 Responses to Deep Packet Inspection Engine Goes Open Source

  1. Perros October 15, 2009 at 9:39 am #

    Unfortunately, the openDPI stuff they’ve released has really been hamstrung.

    It is only intended as a demo to show what types of data are gathered using DPI:

    “By giving the general public access to parts of our DPI engine, we want to demonstrate that many of the alleged privacy violations simply do not happen in DPI bandwidth management systems.”

    It doesn’t provide the performance or flexibility required to actually perform meaningful DPI.

    Shame.

    -Perros-

  2. ify October 27, 2009 at 12:42 pm #

    how can one buy this softwares