Steff

Here are some applications that may be interesting Crossbow use cases.

1) A VoIP-aware firewall provides secured connections between a customer and 
partners.  Multiple types of services may run on the device, e.g., SIP on UDP, 
H.323 on TCP, etc.  Each service may also run on multiple IPs or multiple ports 
on the same IP for different groups of users (e.g., separate IPs for trusted, 
semi-trusted, and untrusted users).  The device may be connected to the public 
network and may be attacked.  The goal is to use Crossbow to mitigate / control 
attacks on VoIP services.  For example:
    a) Attacks on one IP (VNIC) should not affect services running on other IPs 
    (VNICs).
 
    b) Attacks on one protocol (e.g., H.323/TCP) should not affect services 
    running on other protocols (e.g., SIP/UDP).  

    c) Attacks on one port should not affect services running on other ports or 
    IP/ports (that means at most one group of users may be affected.)


2) This use case is similar to case 1 but has the additional goal of using 
Crossbow to protect all services, including the service under attack.  The hope 
is to use Crossbow's h/w based packet classification and flow control functions, 
integrated with network and application level intrusion detection functions, to 
detect and block bad traffic at near wire speed.

Note that case 2 is more interesting because: 1) for critical services the user 
wants to protect all users, including the user whose service is under attack; 
2) it seems there has not been much study on how fast Crossbow can block packets 
(vs. some work that has been done on how fast Crossbow can forward packets).  
Such data is important for security applications and I think many users will be 
interested in knowing the results.

Hope it helps

Xiaobo
 
 
This message posted from opensolaris.org
