On 6/14/07, Tyler Durden <camera_lumina@hotmail.com> wrote:
> Shee-IT. Layer 4 packet inspection at OC-192 is kinda surprising, but Layer 7 at OC-48 is for me the more difficult thing to swallow.
you gotta love fast asics for this kind of stuff. cloudstream also has success with the fpga approach. (there's a grad paper somewhere that describes a 10GigE inspection setup using fpgas and capable of ~100-600 snort style rules per chip. more rules == linear scale. would be fun to try L7, which does make things more difficult...)
> Another thing worth thinking about is the control channels they must use to update the policies to one of these boxes. It's obviously in-band. One wonders if one could tap one of the fibers and find the packet stream they use to program one of these things.
what makes you say this? i'd be surprised if the control channel is pulled from the monitored flows. you need bidirectional transport, for control and backhaul, among other reasons. maybe we'll find out when congress/judiciary orders the devices removed? *cough*