Home / server / Questions / 299941
Accepted
Lucas Kauffman
Asked: 2011-08-11 23:14:03 +0800 CST

Deep packet Inspection

  • 772

Recently it came across me that some of the users might be abusing our platform not conform to our rules.

Basically what we run is a platform for students by students. We sell shell accounts and VPS for ultra low prices (e.g. 15 euro for 1 year vps).

Rules

We do have some basic rules to provide security and to make sure the platform is only used for educational purposes. However there were some rumors that some users do not really bother with some of the rules. Which might lead to compromising our system. We have scripts running on our main shell server to make sure users are not sharing files that are copy-righted. In the pas we have had users sharing music on fora, after which we got a visit from some not so happy people who wanted to drag us infront of the court. The scripts looks for files with certain extensions that might be copyrighted after which it automatically sends out an email to the user to ask if he is not infringing copyright on them.

VPS

On our VPS's this get's slightly more difficult, since we do not have access to them after we set them up. (internal)

One of the suggested solutions to make sure the same does not happen on the VPS is to set up a Deep packet inspection system to scan all files.

  • I am wondering, how ethical is this ?
  • Can one of the administrators keep track of what files are coming through (with or without having access to who it is using) without voiding privacy of the user?
  • Should we do the same thing for the DPI and send automated mails (this would generate a huge amount of emails if it is done for each packet I think ) ?
  • How much load would it generate for our system ?
  • What is the best way to implement this ?
  • What would you do ?
packet-sniffer deep-packet-inspection

1 Answers

  1. Best Answer
    • It's of mixed ethics, there are arguments both ways. I tend to lean towards the "not ethical" side, but I can definitely understand the arguments on the other side, even if I don't agree with them. One thing I definitely believe is that users should be notified that this is happening, in plain language and up-front, that all use is subject to monitoring and they have no expectation of privacy.
    • No, you're explicitly invading the "privacy" of users by inspecting their packets in any way not required for the technical operation of the service.
    • How you notify your users is up to you; the DPI system should be able to provide a reasonable notification system to avoid drowning customers in unnecessary e-mail.
    • The load is dependent on how much traffic you're doing and how deep you want to go.
    • Implementation is dependent on how much traffic you're doing, the nature of your infrastructure, and how deep you want to go; it could range from a Linux box hanging off a mirror port, right up to a cluster of dedicated devices collecting and monitoring data collected from a range of sources.
    • I'd tighten up the ToS to make it explicit that if you make trouble, you're out, and then just keep an eye on traffic levels and be proactive in responding to complaints from external sources. In a closed environment like the one you describe, whacking a few of the worst offenders will likely keep things in line (due to the "race for second place" effect).
    • 1