Sandvine has during recent years become infamous for its support to Internet repressive regimes, such as Belarus, Azerbaijan, Egypt, where its DPI equipment is used to block independent media and human rights organizations. This report provides insight on how Sandvine’s equipment performs the blocking, and how it can be detected.
The report, which is a collaboration with the Egyptian citizen journalism platform Al Manassa, proves that Sandvine is being used by at least two providers in the country, state-owned Telecom Egypt and privately owned Orange Egypt.
The report presents two characteristics which can be used to fingerprint the existence of Sandvine equipment in any network. Furthermore, the report confirms that although the Sandvine DPI tears down the majority of connections established to blocked websites, 25% of the traffic goes through the DPI equipment.
Qurium forensics report: How operators use Sandvine to block independent media in Egypt
(SecurityAffairs – hacking, DPI)