Re: Layer 7 filtering

To: Michael Richardson <mcr%sandelman.ottawa.on.ca@localhost>
Subject: Re: Layer 7 filtering
From: "Marcin M. Jessa" <lists%yazzy.org@localhost>
Date: Tue, 6 May 2008 15:07:55 +0200

On Thursday 6. April 2006 04:41:29 Michael Richardson wrote:
> >>>>> "Marcin" == Marcin Jessa <lists%yazzy.org@localhost> writes:
>
>     Marcin> As many of you may know it's PITA to filter bittorrent
>     Marcin> traffic.  One of the most successful ways is to inspect
>
>   Don't. It won't work. People and programs are way too adaptable.

I both agree and disagree. I know of products which can filter at application 
level with success. There are always walk arounds but they're hard to figure 
for a "normal" user.

>     Marcin> layer 7 packets.  Is this possible with any of firewalling
>     Marcin> systems avaliable for NetBSD?
>
>   QoS the traffic that you care about to an appropriate level of
> service.

This is not doable without being able to match layer 7 traffic.
You cannot really do this for specific ports (80,443 etc.) as these ports can 
be (ab)used for something else than what's intended.

Cheers,
Marcin.

Prev by Date: Re: panic: mbuf too short for IPv6 header
Next by Date: Re: panic: mbuf too short for IPv6 header
Previous by Thread: panic: mbuf too short for IPv6 header
Next by Thread: GSOC - 2008 - "create an in-kernal API for packet classes" project discussion
Indexes:

Home | Main Index | Thread Index | Old Index