SIP Deep Packet Inspection

SIP Deep Packet Inspection

Deep Packet Inspection (DPI) will identify and classify the SIP traffic based on a signature database

Deep packet inspection (or DPI) is a powerful way to protect not just SIP traffic, but also the network. DPI is a form of computer network packet filtering that examines the data (or datagram) and UDP/TCP header part of a packet as it passes through an Ingate SIParator or Firewall.

Managed devices are searching for non-protocol compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can pass or if it needs to be routed to a different destination, or for the purpose of collecting statistical information. This is in contrast to shallow packet inspection (usually called just packet inspection) which only checks the UDP/TCP header portion of a packet.

Shallow packet inspection is the kind of inspection commonly found in most NAT firewall devices.

Firewalls with Deep Packet Inspection capability, Ingate has the ability to look at Layers 2 through 7 of the OSI model. Since the SIP protocol is an Application Layer (Layer 7) in the OSI Model, Ingate products have a unique ability to:

Look at the SIP protocol packets, to provide non-protocol compliance rules, routing rules and statistical information, and
Provide IDS/IPS security features for an effective defense against overflow attacks, denial of service (DoS) attacks, and sophisticated intrusions.This includes headers and SIP protocol structures as well as the actual payload of the message.

DPI will identify and classify the SIP traffic based on a signature database that includes information extracted from the data part of a UDP/TCP packet, providing extremely precise of control of any SIP traffic — finer than any classification based only on header information only.