|
|
|
|
|
|
by Igalze
4620 days ago
|
|
|
Very true. As far as headers concerned, we actually dig very deep. For instance, we will look at little encoding-related nuances, which can help identify spoofed headers (ua and IPs are fakeable, after all) :)
Also, we look for abnormalities in header order while being aware of variants that can derive from using various devices, proxies, etc.
Hence the 10M signature pool, which grows as new variants are spotted across our network. |
|
|