[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

app-layer pf filters? (was: RE: AIM and packet filters (was Re: Logging Question))



Don't mean to be flame-bait...and I haven't done my homework...but are
there any pf-compatible open source projects that do application-layer
content inspection?
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf
Of eric
Sent: Friday, November 12, 2004 3:12 PM
To: Kevin
Cc: Phusion; [email protected]
Subject: Re: AIM and packet filters (was Re: Logging Question)
On Fri, 2004-11-12 at 11:41:10 -0600, Kevin proclaimed...
> While a strong deep-protocol-inspection product like the IntruShield
> *might* detect the protocol anomoly, the only effective way for a
> stateful packet inspection device to block AIM is to refuse ALL
> traffic towards the IP addresses which host the "login.oscar.aol.com"
> service (there are approximately fifty such servers under aol.com and
> icq.com).
You could also poison your dns caches and redirect them to null.