Hello All,

Since many of the standard services can be made to listen on any port on the server side, and proxies with custom configuration can be used in other cases, how effective is a firewall if it blocks based on standard service ports?

Is there a way in which the application protocols being used can be detected, and this knowledge then be used to let pf know what to filter and what not? So, is there some way to ensure that traffic to port 53 is in fact not from a program like iodine, and that what goes to port 80 is only HTTP/HTTPS, and so on for all the common protocols?

With my little bit of knowledge, what I figure is that we need some piece of software which understands each protocol thoroughly, can look at raw packets in real time and detect the protocol being used. Even then, it may get bypassed in cases like the 'protocol obfuscation' feature of eMule being used, or if a sufficient amount of random garbage traffic is generated to deter proper analysis.

Please correct me if I am wrong or if the question itself is impertinent to this list. Any help will be great.

Thanks in advance.

Srikant Tangirala
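Added example, not part of the original message and not pf code: a sketch of the per-port payload check the question describes, deciding from the first payload of a flow whether it is the protocol the destination port implies. The function names, the mapping of port 443 to TLS, the `MAX_QNAME` cut-off and the sample payloads are assumptions made for illustration.

```python
import struct
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
MAX_QNAME = 100  # assumed cut-off: unusually long query names are a common tunnel signal

def looks_like_http(payload: bytes) -> bool:
    """True if a TCP payload opens with an HTTP/1.x request line."""
    line = payload.split(b"\r\n", 1)[0]
    return line.startswith(HTTP_METHODS) and line.rsplit(b" ", 1)[-1].startswith(b"HTTP/1.")

def looks_like_tls(payload: bytes) -> bool:
    """True if a TCP payload opens with a TLS handshake record holding a ClientHello."""
    return len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01

def parse_dns_qname(payload: bytes):
    """Return the question name of a UDP DNS query, or None if it is not well-formed."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1:  # QR bit set (a response) or not exactly one question
        return None
    labels, pos = [], 12
    while pos < len(payload):
        n = payload[pos]
        if n == 0:  # end of name; QTYPE and QCLASS (4 bytes) must follow
            return b".".join(labels) if pos + 5 <= len(payload) else None
        if n > 63 or pos + 1 + n > len(payload):  # pointer or overrun: reject
            return None
        labels.append(payload[pos + 1:pos + 1 + n])
        pos += 1 + n
    return None

def verdict(port: int, payload: bytes) -> str:
    """Compare the first payload of a flow with what its destination port implies."""
    if port == 80:
        return "pass" if looks_like_http(payload) else "block"
    if port == 443:
        return "pass" if looks_like_tls(payload) else "block"
    if port == 53:
        name = parse_dns_qname(payload)
        if name is None:
            return "block"
        return "suspect" if len(name) > MAX_QNAME else "pass"
    return "unknown"

def build_query(name: str) -> bytes:
    """Build a constructed DNS A query for `name` (sample input only)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
# Constructed sample: an SSH banner sent to port 80 gives verdict(80, b"SSH-2.0-example\r\n") == "block"
```

A check of this kind only confirms that the opening bytes are well-formed for the expected protocol, so the "suspect" result is a heuristic for review rather than proof of tunnelling.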