On Thu, 2011-05-12 at 13:47 -0700, Russell Senior wrote:
> >>>>> "Aaron" == Aaron Burt <aa...@bavariati.org> writes:
>
> Aaron> On Tue, May 10, 2011 at 03:23:03PM -0700, MJang wrote:
> >> I keep reading about "Next generation" firewalls that filter
> >> different Web services that go through standard Web ports,
> >> e.g. SonicWall, PaloAlto, etc. These are firewalls that enable
> >> fine-grained blocking of things like specific Facebook games,
> >> without blocking the rest of Facebook, through port 80/443.
>
> Aaron> Normally, it would be called "Deep Packet Inspection", but this
> Aaron> sounds like recycled porn-blocker technology. Simple stuff can
> Aaron> be handled with Squid or other proxies, and DansGuardian should
> Aaron> be capable of handling more complicated cases.
>
> Aaron> Anyone played with OpenDPI?
>
> The lead OpenWrt developer says that he's planning to include it in
> OpenWrt after some cleanups, replacing the l7 filter stuff or
> something like that.
>
> DPI isn't going to work though if the payloads are encrypted.

Aaron, Russ, appreciate it! Now at least I know where to start my
research. opendpi.org sounds especially promising.

FWIW, SonicWall claims they can decrypt/re-encrypt payloads "on the
fly," whatever that means. I presume if an encrypted payload can be read
in a browser, it can be read by some content filter, presumably with
headers at OSI level 7 or something more complex related to the actual
payload.

Thanks,
Mie
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
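
The visibility limit raised in the thread, as an added example that is not part of the original messages: a passive layer-7 filter can read host and path from a plaintext HTTP request on port 80, but only the server name (SNI) from a TLS ClientHello on port 443, so a per-path rule has nothing to match. The host `social.example`, the `/games/` prefix and all function names are assumptions made for illustration, and both sample payloads are constructed.

```python
import struct

def build_client_hello(sni):
    """Constructed sample: a minimal TLS ClientHello carrying one SNI name."""
    name = sni.encode()
    sni_ext = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni_ext)) + sni_ext
    # version, 32-byte random, empty session id, one cipher suite, null compression
    body = (b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x00\x2f\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_sni(rec):  # server name from a ClientHello record, or None
    if len(rec) < 6 or rec[0] != 0x16 or rec[5] != 0x01:
        return None                     # not a handshake record / not a ClientHello
    p = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
    try:
        p += 1 + rec[p]                                  # session id
        p += 2 + int.from_bytes(rec[p:p + 2], "big")     # cipher suites
        p += 1 + rec[p]                                  # compression methods
        end = min(len(rec), p + 2 + int.from_bytes(rec[p:p + 2], "big"))
        p += 2
        while p + 9 <= end:
            etype, elen = struct.unpack("!HH", rec[p:p + 4])
            if etype == 0:                               # server_name extension
                nlen = int.from_bytes(rec[p + 7:p + 9], "big")
                return rec[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except IndexError: pass             # truncated record: nothing readable
    return None

def visible_to_filter(payload):
    """Fields an on-path L7 filter can read from the first client payload."""
    lines = payload.split(b"\r\n")
    req = lines[0].split(b" ")
    if len(req) == 3 and req[2].startswith(b"HTTP/1."):
        host = next((l[5:].strip().decode() for l in lines[1:]
                     if l.lower().startswith(b"host:")), None)
        return {"proto": "http", "host": host, "path": req[1].decode()}
    sni = parse_sni(payload)
    return {"proto": "tls" if sni else "unknown", "host": sni, "path": None}

def path_rule_blocks(payload, blocked_prefix="/games/"):
    """A per-path rule can only fire when the path is readable."""
    path = visible_to_filter(payload)["path"]
    return path is not None and path.startswith(blocked_prefix)

# Constructed inputs; social.example is a placeholder host.
HTTP_SAMPLE = b"GET /games/farm HTTP/1.1\r\nHost: social.example\r\n\r\n"
TLS_SAMPLE = build_client_hello("social.example")
```

For the TLS case the path becomes readable only if the filtering device terminates the TLS session itself, which requires clients to trust a certificate it issues.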