
Full Disclosure mailing list archives

RE: Comcast using IPS to protect the Internet from their home user clients?
From: "Cushing, David" <David.Cushing () hitachisoftware com>
Date: Tue, 9 Mar 2004 13:18:25 -0500

Anyhow, I noticed that certain vulnerability scans, for example scans
using Nikto and similar tools, when run from a Comcast address show a
different behavior than when they are run from a clear, uncontrolled
Internet connection (i.e. corporate T-3). In fact, it appears like
Comcast has an Inline-IDS (some call it an IPS ;) sitting on its wires,
filtering out certain signatures and blocking subsequent access for a
short period of time. For example, scan progresses, then hangs
inexplicably, then resumes, trips a sig, and hangs again.

Adelphia (cable modem) has also been fishy lately.  Something new in the past couple of months.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
