Subject: Which (free) software to do application-level firewalling
To: None <netbsd-users@netbsd.org>
From: Joel CARNAT <joel@carnat.net>
List: netbsd-users
Date: 03/04/2006 14:13:27
Hi,
I spent the last two days at "Microsoft Security Days" in Paris while I
was spammed with "M$ does it", "M$ is great", yadda yadda... When I put
the commercial aspect away, their ISA Server 2004 looks pretty nice.
To sum up, it is a firewall that can deal with network flow at
application level (aka ISO layer 7) - that is, it can block data flow if an
HTTP/SMTP/... command is known to be bad (too long, attack signature, ...).
My question is, using NetBSD ;), what is the way to validate network flow
at level 7? Is it postfix that can kill a session (e.g.) if the HELO
command gets more than "64" chars? Is it squid that can terminate a
session if it sees a URL patterned like "GET blabla.php?vars=DOSme\n\n\n\n"?
How do we do this in the free world (didn't find anything on
google|freshmeat - but I may not have used the right search pattern).
TIA,
Jo
-- 
,- This mail runs ------.
`--------- NetBSD/smtp -'
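The two checks the poster describes (tear down an SMTP session when the HELO/EHLO argument exceeds 64 characters, and refuse an HTTP request whose target matches a known-bad pattern), written out as an added illustration of what an application-level (layer 7) filter actually does. This is example code, not part of the original mail and not code from postfix, squid or any NetBSD tool. The 64-character limit comes from the mail; the 2048-byte URL cap, the `=DOSme` signature regex and the sample sessions are constructed for the example.

```python
import re
from typing import List, Optional, Tuple

# Threshold taken from the poster's example; not a limit imposed by any RFC.
HELO_MAX_LEN = 64
# Constructed cap on the request target, to catch "too long" requests.
URL_MAX_LEN = 2048

# Constructed attack signature, mirroring the poster's "blabla.php?vars=DOSme".
# Applied to the request target only, not to the whole request line.
HTTP_BAD_PATTERNS = [
    re.compile(r"\.php\?\S*=DOSme", re.IGNORECASE),
]

# HTTP request line: METHOD SP target SP HTTP/x.y
REQUEST_LINE = re.compile(r"^([A-Z]+)\s+(\S+)\s+HTTP/\d\.\d\s*$")


def check_smtp_command(line: str) -> Tuple[bool, str]:
    """Return (allow, reason) for one SMTP command line."""
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    if verb.upper() in ("HELO", "EHLO") and len(arg) > HELO_MAX_LEN:
        return False, f"{verb.upper()} argument is {len(arg)} chars, limit {HELO_MAX_LEN}"
    return True, "ok"


def check_http_request(line: str) -> Tuple[bool, str]:
    """Return (allow, reason) for one line of an HTTP request.

    Only the request line is inspected; header lines pass through untouched."""
    m = REQUEST_LINE.match(line.rstrip("\r\n"))
    if not m:
        return True, "not a request line"
    _method, target = m.groups()
    if len(target) > URL_MAX_LEN:
        return False, f"request target is {len(target)} chars, limit {URL_MAX_LEN}"
    for pat in HTTP_BAD_PATTERNS:
        if pat.search(target):
            return False, f"request target matches signature {pat.pattern!r}"
    return True, "ok"


CHECKS = {"smtp": check_smtp_command, "http": check_http_request}


def inspect_session(protocol: str, lines: List[str]) -> Tuple[Optional[int], str]:
    """Walk a session line by line.

    Returns (index of the first line that must be rejected, reason), or
    (None, "ok") if every line passes.  A real proxy would close the
    connection at that index instead of forwarding the remaining lines."""
    check = CHECKS[protocol]
    for i, line in enumerate(lines):
        allowed, reason = check(line)
        if not allowed:
            return i, reason
    return None, "ok"


# Constructed sample sessions.
GOOD_SMTP = ["EHLO mail.example.net", "MAIL FROM:<a@example.net>", "RCPT TO:<b@example.org>", "DATA"]
BAD_SMTP = ["HELO " + "x" * 300, "MAIL FROM:<a@example.net>"]
GOOD_HTTP = ["GET /index.html HTTP/1.0", "Host: www.example.org", ""]
BAD_HTTP = ["GET /blabla.php?vars=DOSme HTTP/1.0", "", "", "", ""]

if __name__ == "__main__":
    for name, proto, session in [("good smtp", "smtp", GOOD_SMTP), ("bad smtp", "smtp", BAD_SMTP),
                                 ("good http", "http", GOOD_HTTP), ("bad http", "http", BAD_HTTP)]:
        print(name, inspect_session(proto, session))
```

The block shows only the inspection logic: which lines a layer-7 filter looks at and what it compares them against. The mail servers and proxies the poster names carry their own rule languages for the same kind of check (Postfix's smtpd_helo_restrictions with an access map, Squid's url_regex ACLs), so in deployment the rules live in those configurations rather than in a separate program.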