Here we go again - ISP DPI, but is it interception?
igb at batten.eu.org
Sat Jul 31 08:37:17 BST 2010
> The probes from the Huwaei servers are from fixed IP addresses and
> (presumably) use easily identifiable probes, These connections can be
> easily recognised (and blocked) or served apparently "legitimate"
> content; I believe malware sites already do this routinely when probed
> by known security firms.
Although for every site that is deliberately serving bad stuff, there
are any number of sites that have been cracked and modified to serve
bad stuff. It's less likely those will be in a position to play
complex "block this range, serve good stuff to this range, serve bad
stuff to the rest" so I don't think it's _entirely_ worthless.
More information about the ukcrypto