On Thu, 7 Jun 2007, Iljitsch van Beijnum wrote:
Its more than null routes, but not much more. The router does a re-route on a list of network/IP address, and then for the protocols the redirector box understands (i.e. pretty much only HTTP) it matches part of the application/URL pattern.
That's a cool way to implement monitoring of traffic towards random parts of the internet.
There are much easier, cheaper ways to do that. And as another person pointed out, the IWF method is not very surreptitious so the bad guys can tell someone found them and can improve their methods. And did I mention the false positive problem of click-fraud and embedded IMG URLs accessing those sites too. Yes, your computer may have been recorded accessing a bad site when you read a spam mail.