[Discussion] Just one question

Will Metcalf william.metcalf at gmail.com
Thu Mar 19 23:19:47 UTC 2009


This is cool stuff.  Can you guy's currently reconstruct downloads
that are offset from the end of the HTTP headers via
content-disposition?  Just curious...

Regards,

Will

On Thu, Mar 19, 2009 at 11:25 AM, Seth Hall <hall.692 at osu.edu> wrote:
>
> On Mar 19, 2009, at 11:34 AM, Thorsten Holz wrote:
>
>> Seth Hall is using that in production, perhaps he can report in the
>> performance impact.
>
>
> When we started running it, I was surprised because the additional
> performance impact was fairly negligible.  Also, we aren't writing the
> files to disk (I agree, that would be bad), as chunks of the file come
> through we add each chunk to the incremental md5sum so the total CPU
> time required to calculate the md5sum is amortized across the time it
> takes for the file to be downloaded.  We aren't calculating md5sums
> for everything either.  We only calculate the md5sum if the file being
> downloaded was identified as a windows executable by libmagic.  As a
> final data point, it looks like we see about 3000 - 3500 unique URLs
> daily where the server returns a Windows executable.
>
>   .Seth
>
> ---
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721
>
> _______________________________________________
> Discussion mailing list
> Discussion at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
>



More information about the Discussion mailing list