NNSquad - Network Neutrality Squad
[ NNSquad ] Re: "Deep Packet Inspection" Trade Group
One question, however: But is it, should it be, or can it be the ISPs responsibility to block attacks both outbound and inbound? As a security person, my answer is a big YES, because thats what we do on corporate networks, and better net hygiene would be better for all. The problem is feature creep on DPI, not that you CAN do DPI, as the same framework (eg, the Bro IDS) that you use to block attacks can be the same framework to go a huge number of games (such as mining URLs to build a profile of a user to determine which advertisements to inject, and do that injecting if you have an inline-version) that most sane people, me included, would call Pure Evil (tm). Also, DPI is somewhat of a red herring in this debate: much of the interestingly dangerous stuff the ISP might want to do, such as discriminatory traffic behavior for VoIP to reduce competition with the ISPs offering, or blocking P2P applications, can be done with traffic analysis on headers, and in many cases with just Netflow data.