Linux iptables have the possibility to make matches based on userid, groupid, windows based networking could apply the same technique i suppose.
In any case, you better check that the passwd is not accessible from the 'bad' processes. Tripwire check file integrity, this have nothing to do with network access layer, excpet that they are security related features which helps in trojan prevention. Finally, remember that trojans or insiders may have system / root access which deny this whole protection scheme. JeF On Fri, Jan 24, 2003 at 10:50:59PM +1100, Minh Van Le wrote: > Various firewalls for Windows(TM) have a feature that identify, permit, and > deny packets sent by authorised applications. (I use Kerio Personal Firewall > [www.kerio.com]). These firewalls use a method for creating and checking MD5 > signatures on applications that attempt to access the low-level network > layers or device drivers. This feature exists to prevent trojans or > unauthorised replacement of binaries eg. a trojaned httpd, that tries to > access/bypass the firewall. > > I know that IPChains and IPTables are packet filtering firewalls, and > basically work on src/dest:port [protocol] IP headers, but these internet > daemons eg. httpd can be configured to use different ports ... > > My question is, does IPTables support identifying packets sent from specific > applications, or any MD5 checksums on applications or even verifying full > path and filename details of any binary that accesses the kernel networking > layer ? This would atleast help in identifying what processes are trying to > access the firewall. > > Should checksums be left to file system integrity programs like Tripwire ? > > > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug -- -> Jean-Francois Dive --> [EMAIL PROTECTED] There is no such thing as randomness. Only order of infinite complexity. - Marquis de LaPlace - deterministic Principles - -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
