Hmmmm. > *Pre-established TCP sessions on port 80 are identified by the SMB and ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		exikyut on Dec 10, 2017 \| parent \| context \| favorite \| on: Comcast is injecting 400+ lines of JavaScript into... Hmmmm. > Pre-established TCP sessions on port 80 are identified by the SMB and forwarded with no impact. (SMB = Session Management Broker) How does the system identify a "pre-established session"? This seems to corroborate what you're saying

Dylan16807 on Dec 10, 2017 [–]

That part just requires looking at the TCP header. So I guess the answer is "no deep packet inspection until it picks a connection to inject, and then it inspects everything in that connection". Which simplifies to "yes deep packet inspection".

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact