[Emerging-Sigs] Blocks based on IP alone

evilghost@packetmail.net evilghost at packetmail.net
Sun Oct 17 20:52:55 EDT 2010


On 10/17/2010 07:07 PM, Martin Holste wrote:
> I really am impressed with Websense's performance for RST.

I see about a 70/30 success rate.  For smaller payloads often times
WebSense misses the two-way RST in time and full payload is delivered.
If you're looking at this as a solution look very closely at it from a
network level.  What the UI reports as "blocked" is often times
successful at the network level only to be RST sometime later after the
full content-length of the binary has come down.

-evilghost
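
One way to run the network-level check described in the message above, as an added example that is not part of the original post: it walks a constructed packet trace of one HTTP response and reports whether the RST reached the client before or after the full Content-Length had been delivered. The record layout, function name, verdict strings and sample values are assumptions; segments are assumed to arrive in order, with retransmits allowed.

```python
from dataclasses import dataclass

@dataclass
class Seg:
    ts: float        # capture time in seconds
    to_client: bool  # True for packets headed to the client
    flags: str       # TCP flags as letters, e.g. "PA", "R"
    off: int = 0     # offset of this segment's data within the HTTP body
    length: int = 0  # HTTP body bytes carried (headers excluded)

def classify_block(segs, content_length):
    """Return (verdict, body_bytes_delivered, rst_ts) for one response flow."""
    delivered = 0  # contiguous body bytes the client has received so far
    for s in sorted(segs, key=lambda s: s.ts):
        if not s.to_client:
            continue  # the RST sent toward the server does not stop delivery
        if "R" in s.flags:
            late = delivered >= content_length
            verdict = "late_rst_full_payload" if late else "blocked_in_time"
            return verdict, delivered, s.ts
        if s.off <= delivered:  # in-order data or a retransmit, count once
            delivered = max(delivered, s.off + s.length)
    done = delivered >= content_length
    return ("no_rst_full_payload" if done else "no_rst_incomplete"), delivered, None

# Constructed trace: small binary, the RST lands after both segments arrived.
SMALL = [
    Seg(0.000, True, "PA", 0, 1460),
    Seg(0.001, True, "PA", 1460, 1460),
    Seg(0.004, True, "R"),
]
# Constructed trace: large binary, the RST cuts the transfer short.
LARGE = [
    Seg(0.0000, True, "A", 0, 1460),
    Seg(0.0005, True, "A", 0, 1460),   # retransmit of the first segment
    Seg(0.0010, True, "A", 1460, 1460),
    Seg(0.0020, False, "R"),           # RST toward the server side
    Seg(0.0030, True, "R"),            # RST toward the client side
]

if __name__ == "__main__":
    print(classify_block(SMALL, 2920))
    print(classify_block(LARGE, 1_000_000))
```

A flow that the filter's UI lists as blocked but that classifies as late_rst_full_payload here is one where the client already holds the complete binary.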

