Collaborate Disseminate
In my company, we have two internal domains with a firewall between them. When requesting firewall rules for an application with components on domain A and domain B, I was told that encrypted protocols were not allowed through the firewall… Continue reading Disable Encrypted Protocols Through Firewall
I am doing some research on intrusion detection systems (IDS) and deep packet inspections (DPI). Assuming a system where values are forwarded to a validation system and the validation system does validate (check anomalies, e…. Continue reading Scenario Categorization with Deep Packet Inspection – Intrusion Detection
The new law compels the country’s ISPs to forward all data arriving and departing from their networks through special gateway servers. Continue reading Russia’s sovereign internet law comes into force
I have some customers requesting that we put apply DPI or dynamic packet filtering in front of our web server. For the simplicity of my service, I’m feeling like this is over kill. What kinds of web apps really benefit from… Continue reading What kinds of web applications need dynamic packet filtering or deep packet inspection
How Does Application Visibility and Control Work? The application
identification (App ID) classification engine and application
signature pattern-matching engine operate at Layer 7 and inspect the
actual content of… Continue reading How does a NG Firewall do application visibility and classification of TLS traffic without TLS interception and how reliable is this
http://qosmos.com/products/protocol-support/ state they are able to identify “Video, URL, date, duration, frame rate, +30 other metadata” for Youtube traffic. Duration, Frame Rate and date seems possible. But how do they iden… Continue reading Identifying URL in SSL
Is it possible that Firefox and Chrome disable pin validation for users who imported custom root certificates all pinning violations are ignored. What is impact of that? Will browser report any warning?
Continue reading can HPKP certificate pinning disable DPI inspection on firewall?
If I use OpenVPN on port 443 (TCP or UDP), is it possible for my ISP with deep packet inspection to find out VPN usage?
If so, what is the alternative?
Following my troubleshooting of making a TLS connection (See: Testing TLS with openssl), it looks like there might be an active firewall in place.
The connection on that port works with nc on both sides (nc -l -p 8883 on the server, nc server.com 8883 on the client)
It even works if I manually send the binary preamble for making a TLS connection, but leave off the last byte (again, captured with nc -l -p 8883 | xxd). I think I see a delay…
Just incase I also checked if the connection is just being forced closed at 289 bytes, so I sent a lot of random text and it went through fine.
Sending the full TLS preamble results in nothing received at the server, and the connection closed. I tried adding some delay before the last byte, it goes through and the connection stays open!
What the heck is this and how do I phrase my request to the company IT to allow it? (we have a special APN set up with AT&T and I think that’s where it is)
I used nc -l -p 8883 to capture the TLS preamble from a successful connection attempt to the server from elsewhere (289 bytes)
0000000: 1603 0101 1c01 0001 1803 03f4 f363 0180
0000010: 3ce4 957f ee17 8b7f d8ef 9ce0 e608 1cac
0000020: d328 798d 8b10 cc7b b521 0....
...
0000120: 01
Then here’s the client command to reproduce it:
(head TLS1.hex -n18 | xxd -r; sleep 0.3; echo 0: 01 | xxd -r )
| nc server.com 8883 -q 1