Don't mean to be flame-bait...and I haven't done my homework...but are there any pf-compatible open source projects that do application-layer content inspection?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of eric Sent: Friday, November 12, 2004 3:12 PM To: Kevin Cc: Phusion; [EMAIL PROTECTED] Subject: Re: AIM and packet filters (was Re: Logging Question) On Fri, 2004-11-12 at 11:41:10 -0600, Kevin proclaimed... > While a strong deep-protocol-inspection product like the IntruShield > *might* detect the protocol anomoly, the only effective way for a > stateful packet inspection device to block AIM is to refuse ALL > traffic towards the IP addresses which host the "login.oscar.aol.com" > service (there are approximately fifty such servers under aol.com and > icq.com). You could also poison your dns caches and redirect them to null.
