Luca Deri and Alfredo Cardigliano present recent advancements in nDPI, an open-source Deep Packet Inspection toolkit, addressing challenges posed by encryption and evasion protocols that limit legacy firewalls. The talk covers using cryptographic fingerprints to identify malicious actors despite encryption, and exposes structural flaws in JA3/JA4 fingerprinting methods when handling ephemeral TLS extensions.
Finally, Luca and Alfredo will detail integrating nDPI with the Linux kernel firewall for real-time traffic optimization, plus architectural blueprints using PF_RING and SmartNIC flow managers to achieve deterministic 100 Gbps monitoring and hardware-accelerated enforcement.
Come and interact with Luca and Deri!
More details: https://netdevconf.info/0x1A/sessions/talk/line-rate-cybersecurity-modern-dp...
cheers, jamal