> > Anyhow, I noticed that certain vulnerability scans, for
> example scans
> > using Nikto and similar tools, when run from a Comcast
> address show a
> > different behavior than when they are run from a clear, uncontrolled
> > Internet connection (i.e. corporate T-3). In fact, it appears like
> > Comcast has an Inline-IDS (some call it an IPS ;) sitting
> on its wires,
> > filtering out certain signatures and blocking subsequent
> access for a
> > short period of time. For example, scan progresses, then hangs
> > inexplicably, then resumes, trips a sig, and hangs again.
Adelphia (cable modem) has also been fishy lately. Something new in the past couple of months.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Tue Mar 09 16:58:07 2004
This archive was generated by hypermail 2.1.8 : Tue Mar 09 2004 - 17:02:58 EST
