How to filter based on application protocol being used

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Srikant Tangirala <srikant.bsd@...>

To: <misc@...>

Subject: How to filter based on application protocol being used

Date: Friday, May 9, 2008 - 1:10 am

Hello All

Since many of standard services can be made to
listen on any port on the server side, and proxies
with custom configuration can be used in cases
otherwise, how effective is a firewall if it blocks
based on standard service ports? Is there a way
in which the application protocols being used can
be detected and then this knowledge be used to
let pf know what to filter and what not?  So, is
there some way to ensure that traffic to port 53
is in fact not from a program like iodine and what
goes to port 80 is only HTTP/HTTPS, and so on
for all the common protocols? With my little bit
of knowledge what I figure is that we need some
piece of software(s) which understands each protocol
thoroughly, can look at raw packets in real-time
and detect the protocol being used. Even then,
it may get bypassed in cases like 'protocol obfuscation'
feature of eMule being used, or if sufficient amount
of random garbage traffic is generated to deter proper
analysis.

Please correct if I am wrong or the question itself
is impertinent to this list.

Any help will be great. Thanks in advance.

Srikant Tangirala.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

How to filter based on application protocol being used, Srikant Tangirala, (Fri May 9, 1:10 am)

Re: How to filter based on application protocol being used, jean-philippe luiggi, (Fri May 9, 7:40 am)

Re: How to filter based on application protocol being used, Marcus Andree, (Mon May 12, 7:44 am)

Re: How to filter based on application protocol being used, Srikant Tangirala, (Fri May 9, 9:35 am)

Re: How to filter based on application protocol being used, Reyk Floeter, (Fri May 9, 2:25 am)

Re: How to filter based on application protocol being used, Johan Fredin, (Fri May 9, 4:51 am)

Re: How to filter based on application protocol being used, Srikant Tangirala, (Fri May 9, 2:53 am)

Re: How to filter based on application protocol being used, Reyk Floeter, (Fri May 9, 3:06 am)

Re: How to filter based on application protocol being used, Reyk Floeter, (Fri May 9, 1:58 am)


linux-kernel:
Greg Kroah-Hartman	[PATCH 005/196] Chinese: add translation of SubmittingDrivers
Jeremy Fitzhardinge	[PATCH 10 of 36] x86: unify pgd_index
debian developer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Karsten Wiese	Re: 2.6.20-rc6-mm3
git:
Steffen Prohaska	How to reduce remaining differences to 4msysgit? (was What's cooking in git.git (t...
Jakub Narebski	Re: Cleaning up git user-interface warts
Linus Torvalds	Re: git versus CVS (versus bk)
Johannes Sixt	[PATCH 12/40] Windows: Implement gettimeofday().
openbsd-misc:
Richard Stallman	Real men don't attack straw men
Maxim Belooussov	-current and rthreads
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Amarendra Godbole	Anyone from this list at BlackHat or DefCon? And a query...
linux-activists:
David Willmore	Re: Intel, the Pentium and Linux
Theodore Ts'o	Re: demand paging: proposal
Lars Wirzenius	Re: Stabilizing Linux
Ari Lemmke	find-1.2


Why Windows is better than Linux	29 minutes ago	Linux general
magical mounts	1 hour ago	Linux kernel
Problem in scim in Fedora 9	2 hours ago	Linux general
The new Western Digital power saving drives	2 hours ago	Hardware
Battery Maximizer Software	22 hours ago	Linux kernel
windows folder creation surprise	1 day ago	Windows
Firewall	1 day ago	OpenBSD
IP layer send packet	2 days ago	Linux kernel
dtrace for linux available	2 days ago	Linux kernel
Unable to mount ramdisk image using UBoot while upgrading to 2.6.15 kernel for a MPC8540 based target	2 days ago	Linux kernel

How to filter based on application protocol being used

Online users