Deep Packet Inspection Bypass
MetadataVis full innførsel
Internet censorship is a problem, where governments and authorities restricts access to what the public can read on the Internet. They use deep packet inspection tools to conduct the censorship. An example of such a tool is Snort. Snort is a signature-based network inspection tool that sits on the edge of a network which is monitored and inspects packets that passes through. To avoid Internet censorship it is possible to bypass the deep inspection tools, and it is multiple ways of doing this. Methods that may be used depends on in which network layer the Internet censorship is done. This is mainly done by changing the traffic appearance too not match the rules written in the signature-based inspection tool. There are multiple software solutions already proposed that are capable of doing this, two of them are Snort and Pluggable Transport. These two solutions are capable to masquerade network traffic to look like benign traffic, and it is not possible to single out the traffic flow from other traffic flow. It is possible to use these two software solutions to transfer malicious code to a company network. This requires that a person inside the company network downloads the malicious code using the software. Malicious code which is downloaded using either Dust or Pluggable Transport software would not be detected, they are designed to look like normal Internet traffic.