How to filter based on application protocol being used

2008-05-08 Thread Srikant Tangirala
Hello All, Since many of the standard services can be made to listen on any port on the server side, and proxies with custom configuration can be used in cases otherwise, how effective is a firewall if it blocks based on standard service ports? Is there a way in which the application protocols being us

Re: How to filter based on application protocol being used

2008-05-08 Thread Reyk Floeter
On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote: > let pf know what to filter and what not? So, is > there some way to ensure that traffic to port 53 > is in fact not from a program like iodine and what > goes to port 80 is only HTTP/HTTPS, and so on > for all the common protocol

Re: How to filter based on application protocol being used

2008-05-08 Thread Reyk Floeter
On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote: > for all the common protocols? With my little bit > of knowledge what I figure is that we need some > piece of software(s) which understands each protocol > thoroughly, can look at raw packets in real-time > and detect the protocol

Re: How to filter based on application protocol being used

2008-05-09 Thread Srikant Tangirala
Thanks for such a prompt reply. I will not use Linux even if you pay me. It has been OpenBSD for me for the past three years and it will remain so as long as OpenBSD remains what it stands for. That aside, see, I have used this tool called ourmon successfully on OpenBSD to detect P2P traffic and bloc

Re: How to filter based on application protocol being used

2008-05-09 Thread Reyk Floeter
On Fri, May 09, 2008 at 12:23:47PM +0530, Srikant Tangirala wrote: > Thanks for such a prompt reply. > > I will not use Linux even if you pay me. It has been OpenBSD > for me for past three years and it will remain so as long as > OpenBSD remains what it stands for. > heh, i like your answer ;)

Re: How to filter based on application protocol being used

2008-05-09 Thread Johan Fredin
On 08-05-09 08.25, Reyk Floeter wrote: On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote: for all the common protocols? With my little bit of knowledge what I figure is that we need some piece of software(s) which understands each protocol thoroughly, can look at raw packets in r

Re: How to filter based on application protocol being used

2008-05-09 Thread jean-philippe luiggi
On Fri, 9 May 2008 10:40:18 +0530 "Srikant Tangirala" <[EMAIL PROTECTED]> wrote: > Hello All > > there some way to ensure that traffic to port 53 > is in fact not from a program like iodine and what > goes to port 80 is only HTTP/HTTPS, and so on > for all the common protocols? With my little bit

Re: How to filter based on application protocol being used

2008-05-09 Thread Srikant Tangirala
Thanks a lot jean-philippe! Will give it a try immediately. Regards Srikant Tangirala.

Re: How to filter based on application protocol being used

2008-05-12 Thread Marcus Andree
Snort may also be of interest here. > > You can do it using open-source software as "Bro" (http://bro-ids.org), > it's an open-source, Unix-based Network Intrusion Detection > System (NIDS) that passively monitors network traffic and looks for > suspicious activity. > "Bro" has the "DPD" (d