Here we go again - ISP DPI, but is it interception?

Paul Barnfather lists at
Sat Jul 31 11:28:17 BST 2010

On 31 July 2010 08:37, Ian Batten <igb at> wrote:
>> The probes from the Huwaei servers are from fixed IP addresses and
>> (presumably) use easily identifiable probes, These connections can be
>> easily recognised (and blocked) or served apparently "legitimate"
>> content; I believe malware sites already do this routinely when probed
>> by known security firms.
> Although for every site that is deliberately serving bad stuff, there are
> any number of sites that have been cracked and modified to serve bad stuff.
>  It's less likely those will be in a position to play complex "block this
> range, serve good stuff to this range, serve bad stuff to the rest" so I
> don't think it's _entirely_ worthless.

Good point, Ian.

I had overlooked the fact that known-good sites can suddenly turn
"bad" as a result of being hacked. I suppose this method could detect
such sites in a timely manner. So yes, it's not necessarily *entirely*

Question: why don't TalkTalk instead just record the IP of visited
addresses (as I understand they are currently required to do anyway),
then spider those addresses in the usual way (in accordance with

Would this be problematic in any way? Sneaky, yes - but presumably legal?

More information about the ukcrypto mailing list