> Application level firewalls require heavy application knowledge... 
> usually very specific code. Luckily enough, there are these packages 
> (see above). Beyond that, there are commercial products... :)
> 
> Gilles.

Utilities like lsof are able to determine which processes have what files
and (more importantly) network sockets open. With that in mind, it would
seem it would be quite possible to have something sit between the
processes and ethernet driver monitoring which apps are trying to
communicate on what sockets and act upon them accordingly.

Or maybe I'm oversimplifying things a bit...

--
Ed Wensell III

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com