Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Comcast using IPS to protect the Internet from their home user clients?

From: "Cushing, David" <David.Cushing () hitachisoftware com>
Date: Tue, 9 Mar 2004 13:18:25 -0500
Anyhow, I noticed that certain vulnerability scans, for 

example scans

using Nikto and similar tools, when run from a Comcast 

address show a

different behavior than when they are run from a clear, uncontrolled
Internet connection (i.e. corporate T-3). In fact, it appears like
Comcast has an Inline-IDS (some call it an IPS ;) sitting 

on its wires,

filtering out certain signatures and blocking subsequent 

access for a

short period of time. For example, scan progresses, then hangs
inexplicably, then resumes, trips a sig, and hangs again. 



Adelphia (cable modem) has also been fishy lately.  Something new in the past couple of months.




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: