From: "Fredrik Strömberg" <stromberg@mullvad.net>
To: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S(R) PACE 2
Date: Thu, 24 Jan 2019 12:01:54 +0100 [thread overview]
Message-ID: <CANTUoecQ71BaE-38-qk4CQRXPRTabEEedmsybQb==Y9jaa6epg@mail.gmail.com> (raw)
In-Reply-To: <168C4A39-3DFB-4AD8-839B-BA7C4D8D8F40@gmail.com>
Deep Packet Inspection is the term used to describe detailed
inspection of network traffic.
A firewall might allow, block, or log traffic based on source or
destination IP address. Or it might do so by looking at TCP and UDP
headers inside the IP packet frame. Or, the firewall will even look at
the payload inside a TCP or UDP packet frame, and that is called Deep
Packet Inspection.
WireGuard uses UDP, and by looking at the payload of those UDP packets
it is trivial to distinguish from other protocols. An experienced
network sysadmin could write you a firewall rule that blocks WireGuard
in a few minutes. Obfuscation is not a goal of WireGuard, so this not
a problem for WireGuard, the project.
It will however be a problem for those blocked by this equipment. Like
all technology, this DPI equipment is a double-edged sword. Will it be
sold to a government so they can block privacy-seeking dissidents from
using WireGuard, or will it be sold to an organization that has a more
legitimate need to block WireGuard traffic?
The solution is to use an obfuscation protocol that encapsulates
WireGuard, just like Tor users in censored countries do.
Cheers,
Fredrik
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
next prev parent reply other threads:[~2019-01-24 11:02 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-24 9:18 Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S® " Henrique Carrega
2019-01-24 11:01 ` Fredrik Strömberg [this message]
2019-02-19 13:37 ` Rohde & Schwarz Adds Emerging WireGuard VPN Protocol to its Deep Packet Inspection (DPI) Software Library, R&S(R) " Frank Beuth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CANTUoecQ71BaE-38-qk4CQRXPRTabEEedmsybQb==Y9jaa6epg@mail.gmail.com' \
--to=stromberg@mullvad.net \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).