Date:      Sun, 27 Nov 2005 19:56:09 +0100
From:      "Alexandre DELAY" <>
To:        "Chuck Swiger" <>
Subject:   RE: Protocol filter capabilities
Message-ID:  <>
In-Reply-To: <>

I agree with you, but my aim is not to block traffic between my internal
network and the Internet.
I only want to filter (not block) certain protocols.

I found a nice tool for this:

-----Original Message-----
From:
[]On behalf of Chuck Swiger
Sent: Sunday 27 November 2005 19:49
To: Alexandre DELAY
Cc:
Subject: Re: Protocol filter capabilities

Alexandre DELAY wrote:
[ reformatted... ]
>>> Don't you think that it would be a nice thing to be able to include such
>>> "filters" from, for example, ethereal? Ethereal supports more than 34k
>>> different protocols. It would be nice to be able to choose from those
>>> filters and to apply some rules according to those filters.
>> You're talking about a reactive IDS. You can rig them up using scripts
>> which monitor logfiles, or something like /usr/ports/security/snort.
>> However, I prefer to use IDS for traffic I permit but want to monitor,
>> traffic I already know I want to block.
> Snort doesn't answer such needs.
> It is not able to analyze application protocols such as BEEP or Edonkey.
> See:
> Filtering application protocols based on IP/ports is not efficient. Some
> applications are able to work on almost any port.

Snort is a tool.  It can be used to build an IDS and is well-suited for that
task, but it is not intended to entirely replace a firewall.

It is true that P2P application protocols are very adaptive and are able to
work via almost any port.  However, they do not work through a properly
configured proxy using a "deny all" firewall in what is called a DMZ or
screened subnet firewall architecture.

If your network is set up for this correctly, internal machines on the LAN
are never allowed to make external requests, at all (period); clients may
run without a default route set and without the firewall having NAT enabled.
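The "deny all" screened-subnet layout Chuck describes, written out as a pf.conf fragment. This is an added illustration, not a ruleset from the thread or from either poster; the interface names (em0/em1/em2), the LAN and proxy addresses, the proxy port (3128) and the assumption that the proxy holds a routable address in the DMZ are all made up for the example.

```pf
# Added example (not from the thread): a pf.conf sketch of a "deny all"
# firewall with a proxy in a screened subnet. All names/addresses are assumed.
ext_if     = "em0"             # Internet-facing interface (assumed)
dmz_if     = "em1"             # screened subnet holding the proxy (assumed)
int_if     = "em2"             # internal LAN (assumed)
lan_net    = "192.168.10.0/24" # internal clients (assumed)
proxy      = "192.0.2.10"      # proxy in the DMZ, assumed to be routable
proxy_port = "3128"            # proxy service port (assumed)

set skip on lo0

# Deliberately no "nat" rule: private LAN addresses are never translated, so
# a client that sets a default route anyway still cannot reach the Internet.

# Default deny in both directions on every interface; log what is dropped
# so port-hopping applications show up in pflog rather than silently failing.
block log all

# Internal clients may talk only to the proxy, and only on its service port.
# pf keeps state by default, so replies are matched without extra rules.
pass in  quick on $int_if proto tcp from $lan_net to $proxy port $proxy_port
pass out quick on $dmz_if proto tcp from $lan_net to $proxy port $proxy_port

# Only the proxy may originate outbound web requests.
pass in  quick on $dmz_if proto tcp from $proxy to any port { 80 443 }
pass out quick on $ext_if proto tcp from $proxy to any port { 80 443 }

# Everything else (including anything from $lan_net straight to $ext_if)
# falls through to the "block log all" rule above.
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, and watch `tcpdump -n -e -ttt -i pflog0` afterwards: any LAN host trying to go around the proxy appears there as a logged drop, which is exactly the traffic a reactive IDS would otherwise have to hunt for.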
