Re: Deep Packet Inspection

To: debian-user@lists.debian.org
Subject: Re: Deep Packet Inspection
From: Mimiko <vbvbrj@gmail.com>
Date: Tue, 21 Aug 2018 09:29:53 +0300
Message-id: <[🔎] 1d1ec280-d191-324b-ee67-3a621486f1db@gmail.com>
In-reply-to: <[🔎] CABzZrXdZttKuh_NUooBXSzKXeG4L1uFZjZO+2A1Kx2-480rj-Q@mail.gmail.com>
References: <[🔎] 3464b716-2364-0b3d-69d0-c515090bee81@gmail.com> <[🔎] 20180819175055.ibna3armlibjt6t2@p5k.home> <[🔎] CABzZrXfmdVqAQ30Y0eAHAPoeGXOBRWx3Xq6z5ybXuHUF_rAbKg@mail.gmail.com> <[🔎] 20180819182446.jrwavlgqcorfonc6@p5k.home> <[🔎] CAO1P-kDHfCAj_u5ndvW2GaccRcQuQaM5oD+KH_wVWpNqFa5M2w@mail.gmail.com> <[🔎] CABzZrXdZttKuh_NUooBXSzKXeG4L1uFZjZO+2A1Kx2-480rj-Q@mail.gmail.com>

Thank you all for suggestions.

Yes, I didn't tell my goal. First of course is to limit access to web sites and collect statistics. Yes this could be done with squid and ssl_bump. Ihope this does not change certificate as internet-banking will not work. The problem for a quick implementation is with need of squid recompile tosupport ssl.


The second goal is intercept packets on other ports for limiting services, like skype, teamviewer (especially).

For now I use iptables -m string --algo kmp --to 65535 --string to intercept some strings on conenction and block access to some sites by domain name.But this will not allow me to block access to all sites and allow access to only several sites.


I was looking for a quick implementation.

l7filter was interesting for me, but it is not supported anymore. nDPI scares me with patching kernel. And OpenDPI is not in repository.

I will try to implement OpenDPI by compiling, also as squid, but this is a long process.

As I read for snort, suricata, zorp - it is a self contained firewall. I use a standard Debian installation where I run several different services.

Thanks again.

Reply to:

Follow-Ups:
- Re: Deep Packet Inspection
  - From: Eero Volotinen <eero.volotinen@iki.fi>

References:
- Deep Packet Inspection
  - From: Mimiko <vbvbrj@gmail.com>
- Re: Deep Packet Inspection
  - From: Reco <recoverym4n@gmail.com>
- Re: Deep Packet Inspection
  - From: Eero Volotinen <eero.volotinen@iki.fi>
- Re: Deep Packet Inspection
  - From: Reco <recoverym4n@gmail.com>
- Re: Deep Packet Inspection
  - From: Cindy-Sue Causey <butterflybytes@gmail.com>
- Re: Deep Packet Inspection
  - From: Eero Volotinen <eero.volotinen@iki.fi>

Prev by Date: What's the right way to get an unbroken mc package installed in Stretch
Next by Date: Re: Deep Packet Inspection
Previous by thread: Re: Deep Packet Inspection
Next by thread: Re: Deep Packet Inspection
Index(es):
- Date
- Thread