The Australian Federal Police (AFP) "... intends to expand upon its network forensics expertise to include new deep packet inspection capacity that will be able to capture and retain metadata. The agency is currently seeking tenders for an appliance that can accept a stream of TCP/IP traffic or potentially previously captured packets in PCAP format. The request for tender does not specify where the input to the appliance will come from, but states that at a minimum, it must be able to analyse flows of information at 10Gbps, regardless of whether it is using IPv4 or IPv6. Further requirements that the AFP needs are the ability to identify services and applications at the application layer.
Proposals are additionally expected to be able to filter out packets based on keywords, protocols, applications, IP addresses and ports. They should also identify malware, antivirus activity, communication and mobile applications, detect various types of encryption when used and de-capsulate tunnelling protocols. An example of the latter could include the Layer 2 Tunneling Protocol commonly used in virtual private network (VPN) connections, assuming the AFP is able to bypass the secure channel typically established to protect such data.
See "AFP seeks deep packet inspection capability to capture metadata" - here.