Re: content matching on tcp connections...
This is a discussion on Re: content matching on tcp connections... within the IPFilter forums, part of the System Security and Security Related category; On Thu, 2003-06-26 at 08:42, Darren Reed wrote: > Long ago (well almost 3 years now), I ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-26-2003
|
|||
|
|||
Re: content matching on tcp connections...
On Thu, 2003-06-26 at 08:42, Darren Reed wrote:
> Long ago (well almost 3 years now), I put some code into IPFilter > 3.5alpha (became 4.0alpha) that does this: > > > # Scan for anything that looks like HTTP and redirect it to the local > > # proxy. One catch - this feature (redirect) is not yet implemented. .... > > With the above, there are no port numbers mentioned because the connection > content scanning (I think limited to first 16 bytes or thereabouts) is done > across _all_ TCP connections that go through IPFilter's state table. > > This kind of thing could be used to block out kazaa - completely. > > I think I ditched it because I didn't think it would be that useful. > > Should I dust this off and let it back in ? I'd like to experiment with it, for one. Controlling outbound traffic is a big issue for us, and anything that could break mainstream P2P apps would be useful. Thanks, Craig. 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 11:24 PM.
