Changes between Version 1 and Version 2 of Ticket #20348, comment 91


Timestamp: Jan 21, 2017, 6:09:32 PM (3 years ago)
Author: dcf

> There could be another cause: for example suppose all the DPI boxes count connections to each IP address and upload the logs to a central place, then the firewalls only apply their timing/entropy heuristics to popular destinations. It wouldn't surprise me if a firewall vendor were uploading customer connection logs in order to do data mining on them.

They don't need to send it to a central place; a box can count connections locally to skip all new addr:port. But then why would it need to count entropy every time for an already known addr:port? Why so complex?