Here we go again - ISP DPI, but is it interception?

Peter Fairbrother zenadsl6186 at zen.co.uk
Thu Jul 29 16:23:34 BST 2010 

Charles Lindsey wrote:
> On Wed, 28 Jul 2010 18:22:20 +0100, Peter Fairbrother 
> <zenadsl6186 at zen.co.uk> wrote:
> 
>> James Firth wrote:
> 
>> If they don't go to the full URL they won't be able to detect whether 
>> there is some bad stuff on the served page - and thus they won't be 
>> able to do the job they claim to be doing.
> 
> Actually, they might do better by going to the home page of the site and 
> crawling from there, rather than just examining some particular page for 
> malware.
> 
>>>  What if shadow visits to the site, hypothesising that the full URL is
>>> visited, caused undesired consequences such as repeat posting or 
>>> triggered
>>> other state-changing behaviour in the destination website?
>>
>> Extremely likely - for instance, another access to a session-cookied 
>> site will almost always change the server state.
> 
> On the contrary, since TalkTalk won't be sending the proper 'cookie', 

Why not? Cookies are often in URLs, and if TalkTalk send the URL to the 
site they will send the cookie too.


> they are most unlikely to mess up some ongoing transaction, and it they 
> do, then it indicates that the site itself is badly designed and 
> insecure, in which case it deserves all it gets.
> 
>> It won't work, so it's not a good thing.
> 
> It COULD work if performed in an intelligent manner. 

I disagree. It's far too easy for a malware site to evade it.

-- Peter Fairbrother


Whether TalkTalk
> have the necessary inteligence is a separate issue. You should not 
> underestimate them based on the meafre information we have so far (note 
> that they are not yet actually testing for malware - they are just 
> debugging their address gathering machinery).
> 
> --Charles H. Lindsey ---------At Home, doing my own thing------------------------ 
> 
> Tel: +44 161 436 6131                      
>    Web: http://www.cs.man.ac.uk/~chl
> Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. 
> 
> PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 
> 
> 
>

More information about the ukcrypto mailing list