undefined | Better HN

0 pointsusr11064y ago0 comments

So if you contol both ends any kind of obfuscation will defeat deep packet inspection, as long as the same obfuscation is not widely used so that the inspection software can check for it.

But if you do not control both ends, let's say you want many customers or even the public to connect to your server that's not an option.

0 comments

Thiez4y ago

> as long as the same obfuscation is not widely used so that the inspection software can check for it.

I imagine there are only so many things you can detect with DPI before the network connection becomes (even more) prohibitively slow. And you can check for rot13 or base64 or common compression algorithms (but beware of zip bombs), but you can't check for properly encrypted data since it will appear as random bits.

j / k navigate · click thread line to collapse

0 pointsusr11064y ago0 comments

So if you contol both ends any kind of obfuscation will defeat deep packet inspection, as long as the same obfuscation is not widely used so that the inspection software can check for it.

But if you do not control both ends, let's say you want many customers or even the public to connect to your server that's not an option.

0 comments

Thiez4y ago

> as long as the same obfuscation is not widely used so that the inspection software can check for it.

j / k navigate · click thread line to collapse