Steve (Consultant, Yorba Linda, CA; joined 2001-03-10), in reply to atangel
Re: The ZoneAlarm/BBR research thread

I captured one! I don't know whether it's looking at outgoing or incoming data, but I have the data to fool with. I'll see if I can simulate it.
Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

Steve:
Well, when I replay my POST data, ZoneAlarm doesn't seem to get confused, so it may not be strictly related to short patterns but data as appearing over a longer period.
This may take some doing.

Steve:
said by Steve: "This may take some doing."
... and I can now reliably reproduce the ZoneAlarm proxy confusion with a fixed stream of data to the BBR webservers (essentially replaying the captured data from tcpdump with a small perl program), so now it's just a matter of trimming stuff out until it stops misdetecting; then we'll know what the patterns are.
Woo hoo!
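The "trimming stuff out until it stops misdetecting" step in the last post is what is now usually called delta debugging. The sketch below is an added example, not part of the thread and not Steve's perl program: the capture lines are constructed, and `triggers` is a hypothetical stand-in for "replay this data and see whether the proxy gets confused", since the thread does not say what the real pattern is.

```python
"""Added illustration: delta debugging (ddmin) over a captured request."""

# Constructed sample capture; these are not the bytes from the thread.
CAPTURE = [
    "POST /constructed/path HTTP/1.0",
    "Host: www.example.test",
    "User-Agent: constructed-agent/1.0",
    "Content-Type: application/x-www-form-urlencoded",
    "Content-Length: 42",
    "",
    "field_one=aaaa",
    "field_two=bbbb",
]

def triggers(lines):
    """Stand-in oracle (assumption): in practice this would replay `lines`
    to the server and report whether the proxy misdetected. Here two
    far-apart lines must both be present, modelling a trigger that is
    not a single short pattern."""
    return CAPTURE[2] in lines and CAPTURE[6] in lines

def ddmin(chunks, oracle):
    """Return a sublist that still satisfies oracle() but stops doing so
    if any single remaining chunk is removed (1-minimal)."""
    assert oracle(chunks), "the full capture must reproduce the problem"
    n = 2  # number of pieces the capture is currently split into
    while len(chunks) >= 2:
        size = -(-len(chunks) // n)  # ceiling division
        subsets = [chunks[i:i + size] for i in range(0, len(chunks), size)]
        reduced = False
        for i, subset in enumerate(subsets):
            rest = [c for j, s in enumerate(subsets) if j != i for c in s]
            if oracle(subset):        # one piece alone reproduces it
                chunks, n, reduced = subset, 2, True
                break
            if oracle(rest):          # dropping one piece still reproduces it
                chunks, n, reduced = rest, max(n - 1, 2), True
                break
        if not reduced:
            if n >= len(chunks):      # already testing single chunks
                break
            n = min(n * 2, len(chunks))  # split finer and retry
    return chunks
```

With a real replay behind the oracle, each call costs one round trip, so the coarse-to-fine splitting matters: large irrelevant regions are discarded in a single test instead of line by line.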