Posted Jul 28, 2008 10:20 UTC (Mon) by dps (subscriber, #5725)
Parent article: Deep packet inspection
It should be perhaps remarked that deep packet inspection features are already a standard
feature of firewalls. I assume you *do* have a firewall with stateful inspection features
in front of your Linux box and it does drop at least some incoming attack traffic. This
involves looking at more than just the IP header, which is normally sufficient to route
the packet (modulo NAT).
If you want interesting throttling features then vanilla Linux kernels do have optional policy
routing which can do that too. I suspect some readers might have implemented a transparent
HTTP proxy which clearly constitutes a man in the middle.
Anything like a NebuAd trial would be a powerful reason for me to use another ISP. I do not
exist to be fed advertising, period.
Posted Jul 31, 2008 13:33 UTC (Thu) by forthy (guest, #1525)
Firewalls sometimes have to inspect packet content. That's especially
true for "abominations" like FTP, where the packet can contain the port
number a client expects to be connected on. Or worse, the portmapper used
by NFS and YP (most firewalls don't pass these), or the way Flexlm
license servers work. These sorts of protocols haven't been designed for
firewalls.
The other reason for a firewall to look into the packets is
application-level filtering. This sort of firewall consists of
(transparent) web and mail proxy, and filters out spam and malware.
However, this is a "you want it, you got it" type of man-in-the-middle.
Different story.
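To illustrate the FTP case raised in the comment above, here is an added example (not code from either commenter or from any firewall project) of what a stateful firewall's connection-tracking helper has to do: parse the PORT command out of the control-connection payload and derive the data connection it should expect, refusing addresses that do not match the control connection's client. The PORT lines, addresses and the privileged-port rule are constructed assumptions for the example.

```python
import re
from ipaddress import IPv4Address

# An active-mode FTP client sends "PORT h1,h2,h3,h4,p1,p2" on the control connection:
# h1-h4 are its IPv4 address, p1*256 + p2 is the port it expects the server to connect to.
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$")


def parse_port_command(line: str):
    """Return (IPv4Address, port) from an FTP PORT line, or None if it is malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    fields = [int(x) for x in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        return None  # each comma-separated field is one byte
    addr = IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]
    if port == 0:
        return None
    return addr, port


def expected_data_connection(control_client_ip: str, server_ip: str, line: str):
    """Compute the related data connection (server -> client) that a stateful
    firewall would open a pinhole for after seeing this PORT command.

    Returns None (no pinhole) when the advertised address is not the control
    connection's own client, so the helper cannot be used to relay a connection
    to a third host, or when the advertised port is privileged (< 1024), an
    extra sanity rule assumed for this example."""
    parsed = parse_port_command(line)
    if parsed is None:
        return None
    addr, port = parsed
    if addr != IPv4Address(control_client_ip):
        return None
    if port < 1024:
        return None
    # Source port on the server side is left unspecified, as a helper would.
    return {"src": server_ip, "dst": str(addr), "dport": port}
```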