On Feb 11, 2008 1:11 AM, Jamie Wilkinson <[EMAIL PROTECTED]> wrote:
> Application-aware firewalls are time-consuming to develop, but I am
> concocting in my mind a tool that scans signatures out of all your
> documents, then has a tcpdump running on your firewall comparing traffic
> signatures -- sort of like snort, but in reverse -- and sending TCP RST to
> the sender if a violation was detected.
>
> I can also think of ways around it (SSL, for example, is a trivial
> workaround, so you'll need to also MITM all your users... a wildcard
> certificate ought to fool the client browsers).
>
> Do things like this really exist?? Well, I imagine Lotus Scrotes could,
> because the document never really leaves the database, but how would you
> build a system that reliably worked in a heterogeneous environment like a
> small-medium office, that actually worked, and you could sell to people and
> still retain your soul?
Palo Alto Networks, a startup from ex-NetScreen guys, seems to do almost what you say. I almost worked for them...hrmm...maybe I should have taken the job! The guy who wrote Linux Intrusion Detection System (LIDS) works for them...

http://www.paloaltonetworks.com/

--
Kristian Erik Hermansen
"Know something about everything and everything about something."

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
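The "snort in reverse" idea quoted above, sketched as an added example that is not from the thread or from any product mentioned in it: documents are reduced to winnowed shingle fingerprints (a standard near-duplicate detection technique, an assumption here since the post names no method), and a reassembled plaintext payload is checked against that index; as the post notes, this sees nothing inside TLS unless the firewall terminates it. The document texts, payloads and the `should_reset` policy hook are constructed for the example.

```python
import hashlib
import re

K = 6       # words per shingle (the unit that gets hashed)
WINDOW = 4  # winnowing window: one minimum hash kept per window of shingle hashes

def _shingle_hashes(text: str) -> list[int]:
    """64-bit hash of every K-word shingle, after lower-casing and stripping punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    out = []
    for i in range(len(words) - K + 1):
        digest = hashlib.blake2b(" ".join(words[i:i + K]).encode(), digest_size=8).digest()
        out.append(int.from_bytes(digest, "big"))
    return out

def fingerprints(text: str) -> set[int]:
    """Winnowed document fingerprints: the minimum hash in each sliding WINDOW of shingles.
    Any passage of at least K + WINDOW - 1 words shared with the document yields a common hash."""
    hashes = _shingle_hashes(text)
    return {min(hashes[i:i + WINDOW]) for i in range(max(len(hashes) - WINDOW + 1, 1)) if hashes[i:i + WINDOW]}

def build_index(documents: dict[str, str]) -> dict[int, set[str]]:
    """Map each fingerprint to the names of the documents it was extracted from."""
    index: dict[int, set[str]] = {}
    for name, text in documents.items():
        for fp in fingerprints(text):
            index.setdefault(fp, set()).add(name)
    return index

def match_payload(payload: str, index: dict[int, set[str]], threshold: int = 3) -> dict[str, int]:
    """Per-document count of indexed fingerprints seen in a plaintext payload. The payload side
    hashes every shingle (no winnowing) so no selected fingerprint is missed; `threshold` cuts noise."""
    hits: dict[str, int] = {}
    for h in _shingle_hashes(payload):
        for name in index.get(h, ()):
            hits[name] = hits.get(name, 0) + 1
    return {name: n for name, n in hits.items() if n >= threshold}

# Constructed sample documents and payloads (not real data).
DOCUMENTS = {
    "board-memo.txt": ("the board has approved the confidential acquisition of example widgets limited at twelve dollars per "
                       "share subject to regulatory review and the closing is expected in the third quarter of the fiscal year"),
    "canteen-menu.txt": "monday soup of the day tuesday roast chicken wednesday pasta thursday fish friday curry",
}
INDEX = build_index(DOCUMENTS)
LEAK = ("fyi, pasting from the memo: The board has approved the confidential acquisition of Example Widgets "
        "Limited at twelve dollars per share, subject to regulatory review, and the closing is expected... thoughts?")
BENIGN = "lunch today? the roast chicken was good last week"

def should_reset(payload: str) -> bool:
    """Hypothetical policy hook the firewall would act on (e.g. injecting a TCP RST): any document matched."""
    return bool(match_payload(payload, INDEX))
```

A partial, re-punctuated paste of the memo still matches because the shared run is far longer than K + WINDOW - 1 words, while an unrelated chat line that merely mentions "roast chicken" does not.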
