Re: How to filter based on application protocol being used

2008-05-12 Thread Marcus Andree
[snip] Snort may also be of interest here. You can do it using open-source software such as Bro (http://bro-ids.org); it's an open-source, Unix-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Bro has the DPD (dynamic

Re: How to filter based on application protocol being used

2008-05-09 Thread Reyk Floeter
On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote: let pf know what to filter and what not? So, is there some way to ensure that traffic to port 53 is in fact not from a program like iodine and what goes to port 80 is only HTTP/HTTPS, and so on for all the common protocols?

Re: How to filter based on application protocol being used

2008-05-09 Thread Reyk Floeter
On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote: for all the common protocols? With my little bit of knowledge what I figure is that we need some piece of software(s) which understands each protocol thoroughly, can look at raw packets in real-time and detect the protocol

Re: How to filter based on application protocol being used

2008-05-09 Thread Srikant Tangirala
Thanks for such a prompt reply. I will not use Linux even if you pay me. It has been OpenBSD for me for the past three years and it will remain so as long as OpenBSD remains what it stands for. That aside, see, I have used this tool called ourmon successfully on OpenBSD to detect P2P traffic and

Re: How to filter based on application protocol being used

2008-05-09 Thread Reyk Floeter
On Fri, May 09, 2008 at 12:23:47PM +0530, Srikant Tangirala wrote: Thanks for such a prompt reply. I will not use Linux even if you pay me. It has been OpenBSD for me for the past three years and it will remain so as long as OpenBSD remains what it stands for. heh, i like your answer ;)

Re: How to filter based on application protocol being used

2008-05-09 Thread Johan Fredin
On 08-05-09 08.25, Reyk Floeter wrote: On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote: for all the common protocols? With my little bit of knowledge what I figure is that we need some piece of software(s) which understands each protocol thoroughly, can look at raw packets in

Re: How to filter based on application protocol being used

2008-05-09 Thread jean-philippe luiggi
On Fri, 9 May 2008 10:40:18 +0530 Srikant Tangirala wrote: Hello All there some way to ensure that traffic to port 53 is in fact not from a program like iodine and what goes to port 80 is only HTTP/HTTPS, and so on for all the common protocols? With my little bit of

Re: How to filter based on application protocol being used

2008-05-09 Thread Srikant Tangirala
Thanks a lot, jean-philippe! Will give it a try immediately. Regards, Srikant Tangirala.

How to filter based on application protocol being used

2008-05-08 Thread Srikant Tangirala
Hello All, Since many of the standard services can be made to listen on any port on the server side, and proxies with custom configuration can be used in cases otherwise, how effective is a firewall if it blocks based on standard service ports? Is there a way in which the application protocols being