Full Disclosure mailing list archives
RE: Comcast using IPS to protect the Internet f rom their home user clients?
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 10 Mar 2004 12:52:52 -0600
On Wed, 2004-03-10 at 07:46, Chmielarski TOM-ATC090 wrote:
Yes, they say they are now doing this. http://www.infoworld.com/article/04/03/09/HNcomcastspam_1.html
But this article says they are shutting systems down once identified as a spam/hack/dos zombie. This can be done easily by reconfiguring the Cable modem or removing MAC addresses from filter/pass tables (don't know what types of access controls are in place over there). It doesn't say they are using an inline IDS/IPS. Where would those IPS's be? At the major NAPs or peering points? Or distributed in regional hubs? I'm curious how they are dealing with the performance impact. Perhaps they are using ASIC based IPS's, or very limited signature sets (which would explain why a whisker scan completes unimpeded, but a nikto scans hangs at the same "spot"). So far, a couple others reported that they noticed the same behavior. I haven't heard anyone say "my scans are not affected". To reproduce the test, fire off a nikto scan against a remote web server (remember, get permission first). See if nikto completes without getting stuck. (I used a recent nikto from the FBSD ports tree). Anyhow, finding spam sources and bandwidth hogs and turning them off manually is one thing. Having an network-based intrusion prevention system sitting in their wires is another. Perhaps they are beta testing that as an additional method to weed out bad traffic? Regards, Frank PS: I'm completely okay with them filtering as long as they allow me to tunnel my traffic to corporate servers. Whatever it takes to get rid of spam is fine with me...
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: Comcast using IPS to protect the Internet f rom their home user clients? Chmielarski TOM-ATC090 (Mar 10)
- RE: Comcast using IPS to protect the Internet f rom their home user clients? Frank Knobbe (Mar 10)
- Re: Comcast using IPS to protect the Internet from their home user clients? Exibar (Mar 10)
- Re: Comcast using IPS to protect the Internet from their home user clients? Frank Knobbe (Mar 10)
- Re: Comcast using IPS to protect the Internet from their home user clients? Steve Menard (Mar 10)
- Re: Comcast using IPS to protect the Internet from their home user clients? Randal L. Schwartz (Mar 10)
- Re: Comcast using IPS to protect the Internet from their home user clients? Exibar (Mar 10)
- Re: Comcast using IPS to protect the Internet from their home user clients? Luke Scharf (Mar 10)
- RE: Comcast using IPS to protect the Internetfrom their home user clients? Matthew C. Beckman (Mar 10)
- Re: Comcast using IPS to protect the Internetfrom their home user clients? Exibar (Mar 11)
- Re: Comcast using IPS to protect the Internet from their home user clients? Exibar (Mar 10)
- RE: Comcast using IPS to protect the Internet f rom their home user clients? Frank Knobbe (Mar 10)
- Re: Comcast using IPS to protect the Internet from their home user clients? Harry Hoffman (Mar 10)
- Re: Comcast using IPS to protect the Internet from their home user clients? Thomas Lakofski (Mar 10)