Penetration Testing mailing list archives
Re: firewall question
From: "John Adams" <jadams () inktomi com>
Date: Thu, 14 Feb 2002 12:04:14 -0800 (PST)
On Wed, 13 Feb 2002, leon wrote:
So to reiterate; is there a way to configure pix or checkpoint to judge the connection based on protocol as opposed to arbitrary things like source ip, destination IP or port numbers?
Here you're discussing a type of firewall known as an application-aware (or context-aware) firewall. They're available, but the time it takes to process individual packets and recognize if they are of the correct application can impact performance. Application level proxies fall into this class (but are not transparent to the end user), and some features on the Cisco PIX (like the application-aware 'fix-ups') help to close up application holes.

There's no way right now to have the PIX deny based on application traffic, but if you look at the filter language on the checkpoint, it would be trivial to write an application aware handler for specific ports.

(If you really want to hose the AIM users, though, completely blackhole login.oscar.aol.com and 198.81.24/24)

--john

--
John Adams . Sr. Security Engineer . Inktomi Corporation
jadams () inktomi com . Security Operations . FC 2.2.36
My opinions are not that of Inktomi Corporation, nor do they represent any security policies or practices that may be in use.
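The port-versus-application distinction discussed in this reply, as an added example that is not part of the original post or of any PIX or Checkpoint code: a minimal first-packet classifier that tells OSCAR (AIM) FLAP frames, HTTP and TLS apart, then decides on what the application is rather than on the port number. The protocol signatures are simplified assumptions and the sample payloads are constructed.

```python
# Added example: first-payload application classification versus a plain
# port filter. The signatures are simplified assumptions, not vendor code.
from dataclasses import dataclass

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_payload(data: bytes) -> str:
    """Guess the application protocol from the first bytes a client sends."""
    if len(data) >= 6 and data[0] == 0x2A and 1 <= data[1] <= 5:
        # OSCAR FLAP frame: '*' marker, channel, 16-bit seq, 16-bit data length
        length = int.from_bytes(data[4:6], "big")
        if length == len(data) - 6:
            return "oscar"
    if data.startswith(HTTP_METHODS):
        return "http"
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"  # TLS record header: handshake, version 3.x
    return "unknown"


# Policy keyed on the application, not only on the destination port.
EXPECTED_ON_PORT = {80: {"http"}, 443: {"tls"}, 5190: {"oscar"}}
DENIED_APPS = {"oscar"}


@dataclass
class Verdict:
    action: str
    reason: str


def port_only_decision(dst_port: int) -> Verdict:
    """What a plain port filter does: it cannot see the application at all."""
    return Verdict("deny" if dst_port == 5190 else "allow", f"port {dst_port}")


def app_aware_decision(dst_port: int, first_payload: bytes) -> Verdict:
    """Deny a denied application anywhere, and deny mismatches on known ports."""
    app = classify_payload(first_payload)
    if app in DENIED_APPS:
        return Verdict("deny", f"{app} detected on port {dst_port}")
    expected = EXPECTED_ON_PORT.get(dst_port)
    if expected is not None and app not in expected:
        return Verdict("deny", f"{app} on port {dst_port}, expected {sorted(expected)}")
    return Verdict("allow", f"{app} on port {dst_port}")


# Constructed samples: a FLAP frame sent to port 443, and a normal HTTP request.
FLAP_ON_443 = b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01"
HTTP_ON_80 = b"GET / HTTP/1.0\r\nHost: example.test\r\n\r\n"
```

The port filter lets the FLAP frame on 443 through while the application-aware check denies it, which is the gap the reply describes.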