Here we go again - ISP DPI, but is it interception?

Ian Batten igb at
Sat Jul 31 08:37:17 BST 2010

> The probes from the Huwaei servers are from fixed IP addresses and
> (presumably) use easily identifiable probes, These connections can be
> easily recognised (and blocked) or served apparently "legitimate"
> content; I believe malware sites already do this routinely when probed
> by known security firms.

Although for every site that is deliberately serving bad stuff, there  
are any number of sites that have been cracked and modified to serve  
bad stuff.  It's less likely those will be in a position to play  
complex "block this range, serve good stuff to this range, serve bad  
stuff to the rest" so I don't think it's _entirely_ worthless.


More information about the ukcrypto mailing list