DPI kapena Deep Packet Inspection ndi ukadaulo wodziunjikira ziwerengero, kuyang'ana ndi kusefa mapaketi a netiweki posanthula osati mitu yapaketi yokha, komanso kuchuluka kwa magalimoto pamilingo yachitsanzo cha OSI kuyambira chachiwiri ndi chapamwamba, chomwe chimakupatsani mwayi wozindikira ndikuwunika. block ma virus, zidziwitso zosefera zomwe sizikukwaniritsa zofunikira.
Pali mitundu iwiri ya kulumikizana kwa DPI, yomwe ikufotokozedwa ValdikSSpa github:
Passive DPI
DPI yolumikizidwa ndi netiweki yopereka chithandizo mofananira (osati podula) mwina kudzera pagawo laling'ono, kapena kugwiritsa ntchito magalasi a magalimoto ochokera kwa ogwiritsa ntchito. Kulumikizana uku sikuchepetsa kuthamanga kwa intaneti ya wothandizira ngati palibe ntchito yokwanira ya DPI, chifukwa chake imagwiritsidwa ntchito ndi opereka akuluakulu. DPI yokhala ndi kulumikizana kwamtunduwu imatha kuzindikira mwaukadaulo kuyesa kupempha zinthu zoletsedwa, koma osayimitsa. Kuti mulambalale chiletsochi ndikuletsa kulowa patsamba loletsedwa, DPI imatumiza wogwiritsa ntchito kupempha ulalo wotsekedwa paketi ya HTTP yopangidwa mwapadera ndikutumizanso patsamba la woperekayo, ngati kuti yankho lotere latumizidwa ndi zomwe adafunsidwa (IP ya wotumizayo). adilesi ndi mndandanda wa TCP amapangidwa). Chifukwa DPI ili pafupi kwambiri ndi wogwiritsa ntchito kuposa malo omwe adafunsidwa, yankho la spoofed limafika pa chipangizo cha wogwiritsa ntchito mofulumira kusiyana ndi yankho lenileni la tsambalo.
Active DPI
Active DPI - DPI yolumikizidwa ndi netiweki ya omwe amapereka mwachizolowezi, monga chida china chilichonse cha netiweki. Wothandizira amakonza njira kuti DPI ilandire magalimoto kuchokera kwa ogwiritsa ntchito kupita ku ma adilesi otsekedwa a IP kapena madambwe, ndipo DPI ndiye amasankha kulola kapena kuletsa magalimoto. Active DPI imatha kuyang'ana magalimoto omwe atuluka komanso omwe akubwera, komabe, ngati woperekayo akugwiritsa ntchito DPI kuti atseke masamba kuchokera ku registry, nthawi zambiri amakonzedwa kuti ayang'ane magalimoto otuluka okha.
Osati kokha kugwira ntchito kwa kutsekereza magalimoto, komanso katundu wa DPI zimadalira mtundu wa kugwirizana, kotero n'zotheka kuti musayang'ane magalimoto onse, koma ena okha:
"Normal" DPI
DPI "yokhazikika" ndi DPI yomwe imasefa mtundu wina wa magalimoto pamadoko omwe amapezeka kwambiri amtunduwu. Mwachitsanzo, DPI "yokhazikika" imazindikira ndikuletsa magalimoto oletsedwa a HTTP okha pa doko 80, magalimoto a HTTPS pa doko 443. Mtundu uwu wa DPI sudzatsata zoletsedwa ngati mutumiza pempho ndi ulalo wotsekedwa ku IP yosatsekedwa kapena yosagwirizana. doko lokhazikika.
"Full" DPI
Mosiyana ndi DPI "yokhazikika", mtundu uwu wa DPI umayika magalimoto mosasamala kanthu za adilesi ya IP ndi doko. Mwanjira iyi, masamba otsekedwa sangatseguke ngakhale mukugwiritsa ntchito seva ya proxy padoko losiyana kwambiri ndi adilesi ya IP yosatsegulidwa.
Chifukwa cha izi, muyenera kusintha DPI "Yogwira" kapena kugwiritsa ntchito kutsekereza pogwiritsa ntchito seva yowonjezera ya DNS.
Kuletsa kugwiritsa ntchito DNS
Njira imodzi yoletsera mwayi wopeza chithandizo ndikuletsa pempho la DNS pogwiritsa ntchito seva yapafupi ya DNS ndikubwezera wogwiritsa adilesi ya IP ya "stub" m'malo mogwiritsa ntchito zofunikira. Koma izi sizimapereka zotsatira zotsimikizika, chifukwa ndizotheka kupewa spoofing adilesi:
Tsegulani fayilo ya makamu kuti musinthe (ufulu wa woyang'anira ukufunika), womwe uli mu:
Linux: /etc/hosts
Windows: %WinDir%System32driversetchosts
Onjezani mzere mumpangidwe: <dzina lachinthu>
Sungani zosintha
Ubwino wa njirayi ndizovuta zake komanso kufunikira kwa ufulu wa oyang'anira.
Njira 2: DoH (DNS pa HTTPS) kapena DoT (DNS pa TLS)
Njirazi zimakulolani kuti muteteze pempho lanu la DNS kuti lisawonongeke pogwiritsa ntchito kubisa, koma kukhazikitsa sikuthandizidwa ndi mapulogalamu onse. Tiyeni tiwone kumasuka kokhazikitsa DoH ya mtundu 66 wa Mozilla Firefox kuchokera kumbali ya ogwiritsa ntchito: