Virgin Media deep packet inspection

Just read this on Slashdot, VM are going to trial deep packet inspection to look for filesharers. Now although it says that it will initially only see the amount of filesharing going on and not actually record who is a filesharer, it won't be long before they fully implement it and record stuff. One of the main reasons that ISPs didn't like government plans to stop filesharers is the cost of the hardware to do DPI, well, if VM are implementing it themselves then there will be no reason why the government can't get them to police the internet.

Slashdot said:
"The Register reports that Virgin Media are to begin monitoring file sharing using a deep packet inspection system, CView, provided by Detica, a BAE subsidiary. The trial will cover about 40% of customers, although those involved will not be informed. CView's deep packet inspection is the same technology that powered Phorm's advertising system. Initially Virgin Media's implementation will focus on music sharing and will inspect packets to determine whether the content is licensed or unlicensed, based on data provided by the record industry. Virgin Media emphasised that records will not be kept on individual customers and that data on the level of copyright infringement will be aggregated and anonymised."
 
Isn't SSL useless against DPI? I've been trying to find some conclusive proof of this all morning but haven't been able to.

That's the rumour I heard. Was trying to find out if it was true or not.
 
It's the other way around: DPI is useless against SSL. They would be able to tell that the payload is encrypted but they wouldn't be able to say what its contents were. They obviously can see the source/destination of the packets but they wouldn't know what's being sent.

That said, Virgin could just cap all SSL transfer to certain destinations.

HEADRAT
 
Wouldn't DPI be able to look at the initial SSL handshake packets during the initialisation of the connection and from that be able to decrypt any SSL packets sent after that?

Edit: Never mind, I forgot SSL uses public key cryptography and so the keys sent during the handshake couldn't be used by the DPI machine to decrypt anything.
 
http://www.ispreview.co.uk/story/20...inspection-to-track-illegal-file-sharing.html

http://www.ispreview.co.uk/story/20...ction-to-target-illegal-isp-file-sharers.html

http://www.detica.com/images/pdfs/detica-response-to-bis-p2p-file-sharing-consultation-sep09.pdf (the actual PDF submitted)

Given that Phorm, which also had government backing, was boycotted so badly everyone dropped it, I find it difficult understanding how any politician (bar Mandelson's ego) thinks that DPI developed by a military weapons manufacturer - that's far more invasive - could possibly be received any better.
 
http://news.zdnet.co.uk/security/0,1000000189,39906062,00.htm

In CView, web traffic first enters a network device, or 'black box', where IP address information is discarded, Detica media accounts director Dan Klein told ZDNet UK on Thursday. The data packet is then scanned to see if it follows one of the three main file-sharing protocols — BitTorrent, Gnutella and eDonkey — said Klein.

"We don't look at anything else, because we don't have the processing power," said Klein.

If the packet does follow one of those protocols, it is opened to check whether the data inside is licensed. Detica is currently testing different music-fingerprinting products, including Shazam, Gracenote, Digimark and Audible Magic, to gauge whether the file contains licensed or unlicensed data.

Klein added that encryption of data would cause major problems for CView. "Encryption of the data packet would defeat us," he said. "We're not going to put the processing power into defeating it."

Detica told ZDNet UK on Thursday that government plans to force ISPs to identify unlawful file-sharers were not proportionate.

"If the government chose to go down that route, we would come out strongly against," said Detica media accounts director Dan Klein. "It's not necessary or proportionate."
 
Yer, don't worry about them analysing encrypted packets.

All they can realistically do (without breaking the law) is see who you are talking to. It may be that in the future they blacklist certain remote hosts, i.e. if you are SSL'ed to a usenet server, then they can take a fair guess at what's inside the many GBs of packets you're transferring and apply traffic shaping. That's about as far as it can go.
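
Added example (not from the thread, and not CView's code): a signature check over the first bytes of a TCP stream for the three protocols named in the ZDNet piece, showing that a cleartext BitTorrent handshake exposes its content identifier while a TLS record exposes only its framing. The function names, size bounds and sample byte strings are constructed for illustration.

```python
import hashlib
import struct

def classify(payload: bytes) -> str:
    """Label the first bytes of a TCP stream by protocol signature."""
    if payload.startswith(b"\x13BitTorrent protocol"):      # length byte 19 + protocol string
        return "bittorrent"
    if payload.startswith((b"GNUTELLA CONNECT/", b"GNUTELLA/")):
        return "gnutella"
    if len(payload) >= 6 and payload[0] == 0xE3:             # eDonkey protocol marker
        (size,) = struct.unpack_from("<I", payload, 1)       # little-endian length field
        if 1 <= size <= 1_000_000:                           # assumed sanity bound (heuristic)
            return "edonkey"
    if (len(payload) >= 5 and 0x14 <= payload[0] <= 0x17     # TLS record content types
            and payload[1] == 0x03 and payload[2] <= 0x04):  # SSL 3.0 .. TLS 1.3 version bytes
        (rec_len,) = struct.unpack_from(">H", payload, 3)
        if rec_len <= 16384 + 2048:                          # largest legal encrypted record
            return "tls"
    return "other"

def inspect(payload: bytes):
    """Return (label, content identifier the inspector can read, or None)."""
    label = classify(payload)
    if label == "bittorrent" and len(payload) >= 48:
        # 1 length byte + 19-byte string + 8 reserved bytes, then the 20-byte info_hash
        return label, payload[28:48].hex()
    return label, None

# Constructed samples, not captured traffic.
INFO_HASH = bytes(range(20))
BT_HANDSHAKE = (b"\x13BitTorrent protocol" + bytes(8) + INFO_HASH
                + b"-XX0000-" + bytes(12))
# Stand-in for ciphertext: opaque bytes, not the output of a real TLS session.
FAKE_CIPHERTEXT = hashlib.sha256(BT_HANDSHAKE).digest() * 3
TLS_RECORD = (b"\x17\x03\x03" + struct.pack(">H", len(FAKE_CIPHERTEXT))
              + FAKE_CIPHERTEXT)
EDONKEY_HELLO = b"\xe3" + struct.pack("<I", 3) + b"\x01\x00\x00"
GNUTELLA_HELLO = b"GNUTELLA CONNECT/0.6\r\n"

if __name__ == "__main__":
    for name, data in [("cleartext BitTorrent", BT_HANDSHAKE),
                       ("TLS record", TLS_RECORD),
                       ("eDonkey", EDONKEY_HELLO),
                       ("Gnutella", GNUTELLA_HELLO)]:
        print(f"{name:22} -> {inspect(data)}")
```
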
 
I have been trying to find out for a while a conclusive answer towards SSL newsgroup.

Just to confirm so I'm not wasting money on a subscription. SSL is the way forward and there is no current means to defeat SSL Newsgroups?
 
The log traffic from those boxes is going to be scary!

Nothing at all, we log maybe 60GB (tarred and zipped) worth of traffic analysis data a day right now. I suspect most other ISPs and major content providers are doing likewise.

The logging data is just text at the end of the day, you can keep an awful lot of text logs on a NetApp...
 
I have been trying to find out for a while a conclusive answer towards SSL newsgroup.

Just to confirm so I'm not wasting money on a subscription. SSL is the way forward and there is no current means to defeat SSL Newsgroups?

There is a way, depending on how much attention you pay to security. Basically the ISP proxies the SSL connection, terminates your secure session and creates a new one from them to the end site. I can't imagine anybody does it (or it's even legal) but it can be done (and indeed is by a few content providers to fix some issues with load balancing SSL sites and stickiness while maintaining end to end encryption...)

A technical user should be able to detect it, however if you don't pay attention to certificates you could miss it and a non-technical user would likely miss it.

But as said, I don't know how legal it would be for an ISP to use this technique, certainly I wouldn't do it without getting advice in writing from our legal guys...
 
But as said, I don't know how legal it would be for an ISP to use this technique, certainly I wouldn't do it without getting advice in writing from our legal guys...

I would be interested to know how legal this is, maybe it requires a warrant of some kind? There is a recent SSL man in the middle attack that can even bypass the invalid certificates issue you mentioned. Would like to know just how far ISPs can go into DPI.
 
Given that Phorm, which also had government backing, was boycotted so badly everyone dropped it, I find it difficult understanding how any politician (bar Mandelson's ego) thinks that DPI developed by a military weapons manufacturer - that's far more invasive - could possibly be received any better.

I informed two groups of people about BT's Phorm when they wanted to switch to BT from other providers. It had no relevance to them and both continued with the sign up.

I imagine Virgin can get away with doing what they like and the vast majority of users won't care or be affected - so you've lost the vast numbers of customers needed to object to cause Virgin to re-think.
 