[112512] in North American Network Operators' Group
Re: DPI or Flow Management
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Sun Mar 1 20:45:03 2009
In-Reply-To: <FFAE99B3-C8DB-4D1F-BBB7-10E68095B745@cisco.com>
Date: Mon, 2 Mar 2009 07:14:53 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Roland Dobbins <rdobbins@cisco.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
In short, the entire DPI debate is starting to go on similar lines,
and flogging similar horses, as the gun control debate
Yes, dpi has great, useful applications (ddos mitigation and other
security, for example). And it has bad / harmful applications
(dictatorships doing dpi to catch political dissent).
That says a lot more about inappropriate / appropriate use of dpi
rather than dpi itself.
Nothing at all in DPI that makes it wrong, deeply evil etc.
-srs
On Mon, Mar 2, 2009 at 6:47 AM, Roland Dobbins <rdobbins@cisco.com> wrote:
>
> On Mar 2, 2009, at 9:10 AM, Roland Dobbins wrote:
>
>> With regards to DDoS mitigation, it's sometimes necessary to go above
>> layers-3/-4 in the event of layer-7-targeted attacks.
>
> In fact, it's sometimes important to have the ability to parse packet
> payloads and/or interact with traffic in some layer-3/layer-4 attacks,
> depending upon the type of traffic, source distribution, legitimate proxy
> intermediaries, spoofed vs. non-spoofed, and so forth.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins@cisco.com> // +852.9133.2844 mobile
>
> =C2=A0Some things are just too precious to entrust to computers.
>
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 -- Seth Ha=
nford
>
>
>
--=20
Suresh Ramasubramanian (ops.lists@gmail.com)
