As has been mentioned previously on this thread, this kind of "inspection" is simply a series of regex comparisons compared on the payload data.  This can be a real performance hog at best and extremely insecure at worst.  Aside from a marketing bullet point, this isn't a terribly practical or safe "feature" to have. 
 
-Gary
-----Original Message-----
From: Tommaso Di Donato [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 21, 2005 4:04 PM
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] Payload inspection


On 9/21/05, Chris Buechler <[EMAIL PROTECTED]> wrote:
[...]
In the open source world, iptables has the ability to basically run a
regexp on payloads, but it's a stupid thing to do and isn't secure.
Nice thread here:
http://thread.gmane.org/gmane.os.freebsd.devel.pf4freebsd/952

...mmh, I think he was speaking about something like this...
http://l7-filter.sourceforge.net
But from what I understand, it is only for Linux....

Tom
