> From: Ed White [mailto:[EMAIL PROTECTED]
> On Thursday 06 November 2003 17:09, Daniel Hartmeier wrote:
> > If someone shows me how to do it correctly, that might even convince me
> > to try to implement it in pf. But what I've seen so far were horrible
> > kludges in the sense that I can immediately predict a dozen ways it will
> > raise false alarms or be easily circumvented by a moderately clever
> > tool. What I'd want is a scheme that I myself could trust.
>
> The real point is: what do we need?
>
> Something that binds together a protocol (HTTP) and a port (tcp 80)?

Try to integrate Hogwash/in-line snort more closely with pf?

> Something that stops an exploit?

As above. Why re-invent the wheel?

> Something that chooses what to do by reading application level data?
> (like forwarding streams based on the HTTP Hostname field)

This is a proxy. Perhaps a generic proxy framework would be helpful? Hmmm, is this like giving someone a loaded gun? Writing rock solid network apps is definitely non-trivial.

> Something that transparently modifies application level data?
> (like removing mail attachments)

This could be a proxy. You can also have an LKM that does regexp matching and could even replace. Full of issues like Daniel states, but still an interesting option. Probably not a good idea for a production network.

While I find this intriguing, it is definitely experimental. I'm not sure if this meshes with the OpenBSD philosophy.

<> Jim
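The two options the thread keeps circling back to, checking that a stream on tcp/80 actually carries HTTP and choosing a destination from the HTTP Host header, are exactly what the "proxy" approach has to get right before it can be trusted. The following is an added example, written for this page and not code from the thread, from pf, or from any of the tools named above. It is plain Python with no network I/O: it takes the bytes read so far from a client and returns a routing decision, so the awkward cases can be seen in isolation. The backend addresses, the `BACKENDS` map and the 8 KiB head limit are assumptions for illustration.

```python
import re
from typing import Dict, Optional, Tuple

# Hypothetical backend map (an assumption for this example, not from the thread):
# lowercased Host -> (address, port) of the server that should receive the stream.
BACKENDS: Dict[str, Tuple[str, int]] = {
    "www.example.com": ("10.0.0.10", 80),
    "mail.example.com": ("10.0.0.20", 80),
}
DEFAULT_BACKEND: Tuple[str, int] = ("10.0.0.99", 80)  # hypothetical catch-all
MAX_HEAD = 8192  # refuse streams whose headers never end within this many bytes

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x, CRLF (bare LF tolerated).
REQUEST_LINE = re.compile(rb"^([A-Z]{1,20}) (\S+) HTTP/1\.[01]\r?\n")
# HTTP/1.0 clients may put the host in an absolute URI and send no Host header.
ABSOLUTE_URI = re.compile(rb"^https?://([^/?#]+)", re.IGNORECASE)


def looks_like_http(head: bytes) -> bool:
    """Cheap protocol check: does a tcp/80 stream start with an HTTP/1.x request line?"""
    return REQUEST_LINE.match(head) is not None


def _strip_port(hostport: str) -> str:
    """'www.example.com:8080' -> 'www.example.com'; IPv6 literals like '[::1]:80' keep brackets."""
    if hostport.startswith("["):
        return hostport.split("]")[0] + "]"
    return hostport.rsplit(":", 1)[0] if ":" in hostport else hostport


def extract_host(head: bytes) -> Tuple[str, Optional[str]]:
    """
    Decide what to do with the bytes read so far. Returns (status, host):
      ("need-more", None)  end of headers not seen yet, and still under MAX_HEAD
      ("not-http", None)   first line is not an HTTP/1.x request line
      ("reject", None)     ambiguous (duplicate Host headers) or oversized head
      ("ok", host)         host to route on (lowercased, port stripped); None if absent
    """
    end = head.find(b"\r\n\r\n")
    if end < 0:
        end = head.find(b"\n\n")
    if end < 0:
        return ("need-more", None) if len(head) < MAX_HEAD else ("reject", None)
    m = REQUEST_LINE.match(head)
    if m is None:
        return ("not-http", None)
    hosts = []
    for line in head[m.end():end].splitlines():
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            hosts.append(value.strip().decode("latin-1"))
    if len(hosts) > 1:
        # Two Host headers: different parsers pick different ones. Refuse rather than guess.
        return ("reject", None)
    if hosts:
        return ("ok", _strip_port(hosts[0]).lower())
    a = ABSOLUTE_URI.match(m.group(2))
    if a:
        return ("ok", _strip_port(a.group(1).decode("latin-1")).lower())
    return ("ok", None)


def select_backend(head: bytes) -> Tuple[str, Optional[Tuple[str, int]]]:
    """Map the routing decision to a backend; non-"ok" statuses are passed through."""
    status, host = extract_host(head)
    if status != "ok":
        return (status, None)
    return ("forward", BACKENDS.get(host, DEFAULT_BACKEND))


if __name__ == "__main__":
    # Constructed sample request heads, not captured traffic.
    samples = [
        b"GET / HTTP/1.1\r\nHost: WWW.Example.com:8080\r\nUser-Agent: x\r\n\r\n",
        b"GET http://Mail.example.com/inbox HTTP/1.0\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: a.example.com\r\nHost: b.example.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: www.",
        b"HELO mail.example.com\r\n\r\n",
    ]
    for s in samples:
        print(s[:40], "->", select_backend(s))
```

The point of the status codes is that a forwarding decision cannot be made on the first packet alone: the head may be incomplete, may not be HTTP at all, or may be ambiguous, and each of those needs a different action from the proxy (keep reading, drop, or reject). Note also that the decision is made on the client's own bytes; a backend that parses headers differently from this function would still be reachable under a name the proxy did not intend, which is one of the circumvention risks Daniel alludes to.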