It looks like some companies are making big bucks from playing the middle in the customer V ISP battle.
http://arstechnica.com/news.ars/post/20080512-throttle-5m-p2p-users-in-real-time-with-800000-dpi-monster.htmlProcera Networks will announce today a new standard in deep packet inspection (DPI) gear: an 80Gbps monster called the PacketLogic PL10000 that is targeted at tier-1 network operators. At up to $800,000 a unit, these aren't cheap, but when you want to throttle, inspect, and shape traffic in real-time on a major network, this is now the fastest thing on the market (and by a large margin).
I spoke to James Brear, Procera's CEO, and Jon Lindén about the issue. While they did not break out specific accuracy numbers on P2P, they indicated that Procera was quite good even at sniffing out encrypted P2P traffic.
Breaking such encryption in real-time isn't currently possible, nor is it desirable from a privacy perspective, but Procera doesn't need to; most P2P protocols can be detected simply by analyzing header information, handshake peculiarities, or the way in which a particular application exchanges encryption keys. Such telltale traces can give away various kinds of encrypted traffic, and while the information within remains secure, the entire flow can be shaped or blocked if desired by the ISP. (Note that this alone isn't enough to filter copyrighted content, but it can put the kibosh on entire protocols that might be heavily used for copyright infringement.)
The last sentence sort of lets the cat out of the bag, this is the usual scattergun-approach detection system thats already in use, unknown protocols are automatically throttled so this is not actually as good as is being made out in the article, still nice to see the "others sides" latest equipment that even their own staff often have no knowledge of.
