Chris,

Have you looked at PacketHound by Palisade Systems? http://www.palisadesys.com/

Not a free product. Runs in promiscuous mode, and it takes the approach of checking the content of every packet based on signatures. So if a packet appears to be, say, DNS (UDP/53) but the content is AIM, then you can take action (like kill the packet). I think this is just about the only way to deal with such things on a filtering basis.

The problem with having such technology in a firewall is that it is very taxing on the CPU. A solution like PacketHound is a dedicated standalone product.

On Monday, November 3, 2003 at 16:56, Chris Green wrote:

>That all sounds great, but in these cases the management just looks back at
>me and says "block it." They don't understand when I say I can't. :) They
>all happily sign off on policy and will go after the abusers, but they want
>some basic protection in there. I am working on some layered approach here
>using Group Policy on my XP workstations to block the executables from even
>running, but even that takes diligence to keep up with versions, etc. I've
>looked at some apps that claim to filter it, but they are not even remotely
>cheap. I'll keep the eyes out for a free solution.
>
>Chris Green

--
Paul Emerson
Global Technology Associates, Inc.
Tel: +1.407.380.0220    http://www.gta.com/
Fax: +1.407.380.6080    Email: [EMAIL PROTECTED]
Mob: +1.407.617.7818    AIM: pje1gta
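The content-versus-port check described in the message above, sketched as an added example (not part of the original post and not PacketHound's code). It assumes the caller has already selected payloads addressed to port 53; the function names and sample payloads are hypothetical, and the AIM test is a simplified match on the OSCAR FLAP frame header.

```python
import struct

DNS_OPCODES = {0, 1, 2, 4, 5}  # QUERY, IQUERY, STATUS, NOTIFY, UPDATE

def looks_like_dns(payload: bytes) -> bool:
    """Heuristic: valid 12-byte header and a well-formed question section."""
    if len(payload) < 12:
        return False
    _id, flags, qdcount = struct.unpack("!3H", payload[:6])
    if (flags >> 11) & 0xF not in DNS_OPCODES or not 1 <= qdcount <= 4:
        return False
    off = 12
    for _ in range(qdcount):
        while True:                      # walk the length-prefixed labels
            if off >= len(payload):
                return False
            n = payload[off]
            off += 1
            if n == 0:                   # root label ends the name
                break
            if n & 0xC0 == 0xC0:         # compression pointer ends the name
                off += 1
                break
            if n > 63:                   # labels are at most 63 bytes
                return False
            off += n
        off += 4                         # QTYPE + QCLASS
        if off > len(payload):
            return False
    return True

def looks_like_aim(payload: bytes) -> bool:
    """AIM/OSCAR FLAP frame: 0x2A, channel 1-5, 2-byte seq, 2-byte length."""
    if len(payload) < 6 or payload[0] != 0x2A or not 1 <= payload[1] <= 5:
        return False
    (length,) = struct.unpack("!H", payload[4:6])
    return length <= len(payload) - 6

def classify_port53(payload: bytes) -> str:
    """Verdict for a payload whose destination port is 53."""
    if looks_like_dns(payload):
        return "dns"
    return "aim-on-53" if looks_like_aim(payload) else "non-dns-on-53"

# Constructed sample payloads (not captured traffic).
DNS_QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) \
    + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
FLAP_SIGNON = b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01"
HTTP_TEXT = b"GET / HTTP/1.1\r\n\r\n"
```

Anything other than "dns" is a candidate for the drop or alert action; doing this parse on every packet is the per-packet CPU cost the message refers to.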
