Re: [Hackmeeting] DPI

Delete this message

Reply to this message
Autore: dezperado
Data:  
To: hackmeeting
Oggetto: Re: [Hackmeeting] DPI
On 20090920@17:06, Raistlin wrote:
> megabug wrote:
> > On Saturday 19 September 2009 23:58:41 baudelaire@??? wrote:
> >> http://www.opendpi.org/
> >> http://www.ipoque.com/resources/white-papers
> >
> > http://code.google.com/p/opendpi/source/browse/trunk/src/lib/protocols/irc.c#386
> >
> > notare i server IRC che sono stati messi sotto controllo...
>
> Minchia, che bel motore flessibile, coi valori hardcodati dentro...


Ridondo un po' in maniera che rimanga a memoria della lista:

Lo stralcio di codice citato da megabug :

  if (flow->detected_protocol != IPOQUE_PROTOCOL_IRC
    && flow->packet_counter == 2 && 
    (packet->payload_packet_len > 400 && packet->payload_packet_len < 1381))
  {
    for (c1 = 50; c1 < packet->payload_packet_len - 23; c1++)
    {
      if (packet->payload[c1] == 'i' || packet->payload[c1] == 'd')
      {
        if ((memcmp(&packet->payload[c1], "irc.hackthissite.org0", 21) == 0)
          || (memcmp(&packet->payload[c1], "irc.gamepad.ca1", 15) == 0)
          || (memcmp(&packet->payload[c1], "dungeon.axenet.org0", 19) == 0)
          || (memcmp(&packet->payload[c1], "dazed.nuggethaus.net", 20) == 0)
          || (memcmp(&packet->payload[c1], "irc.indymedia.org", 17) == 0)
          || (memcmp(&packet->payload[c1], "irc.cccp-project.net", 20) == 0)
          || (memcmp(&packet->payload[c1], "dirc.followell.net0", 19) == 0)
          || (memcmp(&packet->payload[c1], "irc.discostars.de1", 18) == 0)
          || (memcmp(&packet->payload[c1], "irc.rizon.net", 13) == 0))
        {
          IPQ_LOG(IPOQUE_PROTOCOL_IRC, ipoque_struct, IPQ_LOG_TRACE,
            "IRC SSL detected with :- irc.hackthissite.org0 | irc.gamepad.ca1 |"
            " dungeon.axenet.org0 "
            "| dazed.nuggethaus.net | irc.indymedia.org | irc.discostars.de1 ");
          ipoque_int_irc_add_connection(ipoque_struct);


Tradotto : qualunque sia la natura della comunicazione 'intercettata'
(tecnicamente si tratta di un'intercettazione), purche' avvenga su IRC,
basta la sola citazione di uno di quegli hostname (es.: "aho' raga'
vedeteve irc.discostars.del") affinche' il pacchetto venga loggato.

Ora, dall'annuncio di Opendpi come OSS http://www.opendpi.org/, qualche
settimana fa:.

<< Why OpenDPI?

DPI has been subject to controversial debates about network neutrality
and online privacy during the last few years, with a negative impact on
the reputation of DPI-based systems. A general problem is the lack of
transparency from the vendors' side, which makes Internet users afraid
of this technology. Many myths and untruths about what DPI can do,
including reading and analyzing the content of user communication, are
in circulation. By giving the general public access to parts of our DPI
engine, we want to demonstrate that many of the alleged privacy
violations simply do not happen in DPI bandwidth management systems.
We believe that this openness will be to the benefit of the DPI industry.
>>


in evidenza la contraddizione :

<<... we want to demonstrate that many of the alleged privacy
violations simply do not happen in DPI bandwidth management systems.
>>


Non ho seguito il codice (riporto solo per fini documentali), quindi
non so cosa venga loggato, pero' con queste basi, il resto del codice
"invasivo" della privacy si scrive da solo, se gia' non e' stato
scritto da terze parti.

>