Deep packet inspection — Fear of the unknown

Abstract

Enterprise and service provider customers develop, maintain and operate network infrastructure in order to support the applications required to perform their day to day tasks. These applications have certain requirements and expectations from the infrastructure, including access to public networks, and thus rely on quality of service (QoS) controls to manage network traffic. QoS controls are used to ensure non-critical applications do not hamper the operation of critical ones, all the while providing fair access to all legitimate applications. QoS systems are increasingly being used as firewalls, filtering bad traffic and allowing good traffic to traverse the network without delay. This paper investigates the effectiveness of protocol matching within current QoS classifiers and shows that even with the most up to date classifiers, “unknown” or unidentified traffic is still prevalent on a network; a serious concern for IT network administrators. This “unknown traffic could consist of viruses, attempted exploits and other un-authorized connectivity from outside sources.