
Re: Re: Squid log details - HTTPS tunnel detection


 



Mon 2007-05-28 at 14:44 +0100, Markus Moeller wrote:

> So it looks like it could help determine malicious use of proxies even if 
> only a few shell commands are executed.

Don't forget POST requests, which may give any ratio <> 1 depending on
the use..

Someone POST:ing a large file to a simple page (or smaller than the
POST:ed data): < 1

Someone POST:ing small amount to a large page: > 1


And with all the Web2.0 stuff being done these days you'll never really
know..

A packet size distribution might work more reliably. ssh, imap, pop etc
have a lot of very small command packets, while HTTP with its larger
syntax nearly always has quite big packets..


Another question: Would you be interested in contributing your code
changes? Others might be interested in this for statistics purposes.

Regards
Henrik

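Added example, not part of the original message and not Squid code: a sketch that contrasts the byte ratio with the packet size distribution discussed above, run over constructed per-tunnel payload sizes. The field names (`c2s`, `s2c`), the thresholds and the ratio direction (response bytes over request bytes, matching the < 1 and > 1 cases above) are assumptions.

```python
# Constructed sample data: payload sizes in bytes per direction for three
# CONNECT tunnels. Field names and thresholds are assumptions for illustration.
TUNNELS = {
    "browse": {"c2s": [500] * 5, "s2c": [1400] * 40},      # small requests, large page
    "upload": {"c2s": [1400] * 40, "s2c": [300] * 2},      # large POST, small page
    "shell": {"c2s": [52] * 30 + [100] * 5, "s2c": [68] * 30 + [400] * 3},
}

SMALL_BYTES = 128   # assumed cut-off for a "very small" packet
SMALL_ALERT = 0.6   # assumed fraction of small packets that flags a tunnel
MIN_PACKETS = 20    # too few packets says nothing about the distribution


def byte_ratio(t):
    """Response bytes over request bytes (upload-heavy < 1, download-heavy > 1)."""
    sent = sum(t["c2s"])
    return sum(t["s2c"]) / sent if sent else float("inf")


def small_fraction(t):
    """Share of packets, both directions, at or below SMALL_BYTES."""
    sizes = t["c2s"] + t["s2c"]
    return sum(1 for s in sizes if s <= SMALL_BYTES) / len(sizes) if sizes else 0.0


def classify(t):
    """Label a tunnel by its packet size distribution, not by its byte ratio."""
    if len(t["c2s"]) + len(t["s2c"]) < MIN_PACKETS:
        return "insufficient-data"
    return "interactive-like" if small_fraction(t) >= SMALL_ALERT else "bulk-http-like"


def report(tunnels=TUNNELS):
    """Return {name: (byte ratio, small-packet fraction, label)} per tunnel."""
    return {
        name: (round(byte_ratio(t), 2), round(small_fraction(t), 2), classify(t))
        for name, t in tunnels.items()
    }


if __name__ == "__main__":
    for name, row in report().items():
        print(name, *row)
```

In this sample the two ordinary HTTP-style tunnels land at opposite ends of the ratio scale while the small-packet share stays at zero for both, and only the shell-like tunnel crosses the small-packet threshold.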

