Here we go again - ISP DPI, but is it interception?
Paul Barnfather
lists at barnfather.net
Sat Jul 31 11:28:17 BST 2010
On 31 July 2010 08:37, Ian Batten <igb at batten.eu.org> wrote:
>>
>> The probes from the Huwaei servers are from fixed IP addresses and
>> (presumably) use easily identifiable probes, These connections can be
>> easily recognised (and blocked) or served apparently "legitimate"
>> content; I believe malware sites already do this routinely when probed
>> by known security firms.
>
> Although for every site that is deliberately serving bad stuff, there are
> any number of sites that have been cracked and modified to serve bad stuff.
> It's less likely those will be in a position to play complex "block this
> range, serve good stuff to this range, serve bad stuff to the rest" so I
> don't think it's _entirely_ worthless.
Good point, Ian.
I had overlooked the fact that known-good sites can suddenly turn
"bad" as a result of being hacked. I suppose this method could detect
such sites in a timely manner. So yes, it's not necessarily *entirely*
worthless...
Question: why don't TalkTalk instead just record the IP of visited
addresses (as I understand they are currently required to do anyway),
then spider those addresses in the usual way (in accordance with
robots.txt)?
Would this be problematic in any way? Sneaky, yes - but presumably legal?
More information about the ukcrypto
mailing list