i think the proxy or the firewall can be effective listening posts for
denial traffic as they are also a pretty good place to gather patterns and
frequencies. most proxies have extensive logging facilities available, if not
by the apps or by the OS...probably something a bit *n*X...as they are adept
at logging almost anything they are asked to (most Unix apps by convention
include this service). i have the sidewinder, pix, gauntlet, fwtk with
embedded Netscape/socksv5...and they all can perform the functions you wish.
each of these tools has specific implementation techniques and those should be
learned from how-to pages for whatever distro you use..again i refer to
unixen, but then again they have established practice propagated by exposure
to source code for the OS.
explore the syntax and format of the rule sets and the locations of the
support files and adhere to the file locations that the default
installers pick as unix has that weakness, disparate OS and Network related
files scattered about myriad filesystems.
usually the formats are routerish...
forgive the xhost notation, but it is just for concept
tag: permit service *.*.*.* -plug_to x.x.x.x wrapper-like-program-tag
will work for most tcp.
udp needs other help...udprelay and socks are useful.
i use TIS fwtk on Solaris a lot.
the sidewinder is a BSD based firewall.
it is adept at port redirection tactics.
to manage the split kernel architecture, it dynamically moves
all users connections to virtual memory and its own users to
assist in handling the transition from root like power to operationally
multiple kernels.
the ability to 'root' the box doesn't exist per se as the user root
is not allowed to login, but there are times when exploring pushd &
popd that i've discovered that i wound up in the /root dir and with a
uid=0...hmmmm.
it uses one kernel (admin) for managing configs to DNS, sendmail.cf
(fragile) certainly don't want it resolving at that point. service
initiation...rule set table builds, cron and syslog, ftp, telnet,
you have to tweak them all. the sidewinder came with a
buggy !!shudder!! Xserver suite....
one might want to suggest possibly not using gui tools to configure
routers, servers, switches, firewalls or proxies.
they are large.
large programs are more prone to bugs and leaks just
based on the code generating lots of function calls.
system calls are expensive...wait at least they used to be...
forgive masm flashbacks.
cheswick and bellovin state small code maintain simplicity.
this should be a tao of configuration.
piranha....
>From: Apisit Suksakorn <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: Filter bad web site
>Date: Tue, 21 Nov 2000 09:43:10 +0700
>
>Dear all,
>
> My company has a policy that porno web sites are prohibited. Does anyone
>suggest me where should I filter the porno sites? (proxy or firewall)? I
>use squid and FW1. and What should I do?
>
>regards,
>apisit.
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
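
Added example (not part of the original post or the quoted message): one way to use the proxy as the listening post described in the reply, tallying denied requests per client and per destination from Squid's native access.log. The sample lines, addresses, host names and the threshold of 3 are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident peer type
SAMPLE_LOG = """\
974774590.101    12 10.0.0.5 TCP_DENIED/403 1450 GET http://blocked-a.example/index.html - NONE/- text/html
974774591.220   340 10.0.0.7 TCP_MISS/200 8123 GET http://intranet.example/ - DIRECT/192.0.2.10 text/html
974774592.008     9 10.0.0.5 TCP_DENIED/403 1450 GET http://blocked-a.example/pics/1.jpg - NONE/- text/html
974774593.415    11 10.0.0.5 TCP_DENIED/403 1450 CONNECT blocked-b.example:443 - NONE/- text/html
974774594.777    10 10.0.0.9 TCP_DENIED/403 1450 GET http://blocked-a.example/ - NONE/- text/html
this line is truncated
"""

def host_of(method, url):
    """Return the lowercase destination host for a logged request."""
    if method == "CONNECT":            # CONNECT logs host:port, not a URL
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()

def summarize_denials(log_text, threshold=3):
    """Count denied requests per client and per host; flag busy clients."""
    per_client, per_host = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:            # skip truncated or malformed lines
            continue
        client, result, method, url = fields[2], fields[3], fields[5], fields[6]
        if not result.startswith("TCP_DENIED/"):
            continue                   # only denials are of interest here
        per_client[client] += 1
        per_host[host_of(method, url)] += 1
    # Clients whose denial count reaches the (assumed) review threshold
    flagged = sorted(c for c, n in per_client.items() if n >= threshold)
    return per_client, per_host, flagged

if __name__ == "__main__":
    clients, hosts, flagged = summarize_denials(SAMPLE_LOG)
    print("denials per client:", dict(clients))
    print("denials per host:  ", dict(hosts))
    print("clients at or over threshold:", flagged)
```
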