Protocol Filtering
stasi
05-16-2007, 04:24 AM
Hi,
Regarding your protocol filtering software... can you say how you are doing this? Are you using GPL L-7 filtering code and/or IPP2P for protocol classification using signatures?
Can you classify and block encrypted P2P apps such as BitComet?
regards
Peter
richie
05-16-2007, 08:03 AM
Hi.
Protocol Control blocks applications via signature. Blocking bittorrent will block Bitcomet and other apps that use BitTorrent technology.
dmorris
05-16-2007, 11:18 AM
welcome! :D
We are using the l7-filter signatures, however we wrote our own engine.
(The kernel isn't the place to be doing that stuff, IMO.)
You can take new signatures from the l7-filter and add them - although we usually add the new ones periodically.
stasi
05-16-2007, 01:22 PM
> welcome! :D
> We are using the l7-filter signatures, however we wrote our own engine.
> (The kernel isn't the place to be doing that stuff, IMO.)
> You can take new signatures from the l7-filter and add them - although we usually add the new ones periodically.
Hi,
Thanks for the info. Wrote your engine - impressive!
I presume we can simply add new signature patterns into a specific folder as L7 filter does? Any thoughts on an auto update function for signatures or is this already present?
Do you have a solution for controlling Skype at all? Or anything planned?
Web content filtering - are you using Dansguardian so that the HTML page content is read?
Lastly, software RAID function available for system resilience?
regards
Peter
dmorris
05-16-2007, 04:29 PM
wow! that's a lot :)
auto update is implemented for the signatures, as long as you have auto update turned on - we may add a more frequent update mechanism also in 5.1.
there is a skype signature for l7 filter, however I doubt its effectiveness (especially for blocking - http://www.secdev.org/conf/skype_BHEU06.handout.pdf)
For web content control we use urlblacklist.com, plus we are building our own site database that will probably be open for contributions and free.
we don't currently support software RAID, but it is filed for an enhancement.
edit: you can add new protocol control rules by just clicking on the plus sign and filling in the new row.
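
The signature approach discussed in this thread (l7-filter-style patterns applied by a user-space engine), as an added example that is not the product's engine or any poster's code. The names `parse_pat` and `FlowClassifier`, the two simplified sample patterns, and the 10-packet / 2048-byte limits are assumptions made for illustration.

```python
import re

# Constructed signatures in the l7-filter ".pat" layout ('#' comments, protocol
# name, one regex). Simplified illustrations, not the shipped pattern files.
SAMPLE_PATS = [
    "# BitTorrent peer handshake\nbittorrent\n^\\x13bittorrent protocol\n",
    "# HTTP request line\nhttp\n^(get|post|head) [\\x21-\\x7e]+ http/1\\.[01]\n",
]

def parse_pat(text):
    """Return (protocol, compiled regex) from the text of one pattern file."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    if len(lines) != 2:
        raise ValueError("expected a protocol name and exactly one pattern")
    name, pattern = lines
    # Match case-insensitively against raw payload bytes.
    return name, re.compile(pattern.encode("latin-1"), re.IGNORECASE)

class FlowClassifier:
    def __init__(self, pats, max_packets=10, max_bytes=2048):  # assumed limits
        self.rules = [parse_pat(p) for p in pats]
        self.max_packets, self.max_bytes = max_packets, max_bytes
        self.flows = {}  # flow id -> buffered bytes, packet count, verdict

    def feed(self, flow, data):
        """Add one packet's payload; return the protocol name or None."""
        st = self.flows.setdefault(flow, {"buf": b"", "pkts": 0, "verdict": None})
        if st["verdict"] or st["pkts"] >= self.max_packets:
            return st["verdict"]  # already decided, or gave up on this flow
        st["pkts"] += 1
        st["buf"] = (st["buf"] + data)[: self.max_bytes]
        st["verdict"] = next((n for n, rx in self.rules if rx.search(st["buf"])), None)
        return st["verdict"]

def demo():
    c = FlowClassifier(SAMPLE_PATS)
    # Constructed payloads: split plaintext handshake, HTTP request, opaque bytes.
    hs = b"\x13BitTorrent protocol" + bytes(8) + b"H" * 20 + b"P" * 20
    return {
        "split": [c.feed("a", hs[:5]), c.feed("a", hs[5:])],
        "http": c.feed("b", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        "opaque": c.feed("c", bytes(range(128, 200))),
    }

if __name__ == "__main__":
    print(demo())
```

The opaque payload stays unclassified because a signature can only match bytes that appear in the clear at the start of a flow.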