Here we go again - ISP DPI, but is it interception?

[Nicholas Bohm]

Wendy M. Grossman wrote:
> Brian Morrison wrote:
>> On Fri, 30 Jul 2010 11:39:02 +0100
>> Nicholas Bohm <nbohm at ernest.net> wrote:
>>
>>> Clive D.W. Feather wrote:
>>>> Charles Lindsey said:
>>>>  
>>>>> Once they have a list of addresses of sites, they they are
>>>>> perfectly entitled to visit those sites (as is anybody else) and
>>>>> to probe them for malware.
>>>>>     
>>>> No they aren't. You may recall that, a couple of years ago, someone
>>>> was convicted of computer misuse because he probed a site for
>>>> malware - to be precise, he put "/.." on an URL.
>>> Useful point: do you have a reference?
>>
>> Dan Cuthbert. He was trying to make a donation to a Tsunami relief
>> charity web site and noted that the site was very slow and thought
>> perhaps he might be being phished, so he truncated the URL back to just
>> the host name. He was prosecuted for purely that action, possibly
>> because as an IT professional the police thought he should realise that
>> such an action would be unauthorised.
>>
>
> How did they find out? I think we've all often done that kind of thing.

As a result of an intrusion detection system - see
http://www.pmsommer.com/CLCMA1205.pdf.

I'm surprised that truncating a URL would set off an IDS.  If a page
won't load properly, I often try truncating the URL to get back to a
home page.  I assume that going back to the site's root folder will just
load the index file in that folder (or throw an error message if there
isn't one).  None of this has ever resulted in any response whatever,
let alone a police interview.

And of course it's disappointing that the District Judge, while
regretting that he could not avoid convicting the defendant, failed to
give him an absolute discharge to indicate his views on the
appropriateness of the prosecution.

Nicholas
-- 
Contact and PGP key here <http://www.ernest.net/contact/index.htm>