Re: "Catch 25"


On Sat, 12 Sep 1998, Gunnar Lindberg wrote:
> b)  Think of a (transparent, screening) firewall type device instead.
> 
> 
> Now, there is quite some amount of work in both a) and b), work that
> the ISP has to do. My guess is that it's very much the same for a)
> and b), i.e. it makes little difference which one you use.

We don't use one for this kind of thing, but the Cisco PIX might be of use
in this area; for instance a simple log might be:

Sep 13 04:15:28 gw.cam.uk.internal  302001 Built connection for faddr
	158.43.128.84/45811 gaddr 194.130.147.15 laddr 172.31.7.15/25

It can also log/block on protocol conversations, but it is reportedly very
ropey in its parsing (but then, can anything be really perfect in this
area unless it is dedicated to that function?)

Chuck
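
An added example, not part of the original message and not Cisco tooling: a small parser for the "Built connection" log line quoted above that keeps the connections whose laddr port is 25 and counts them per faddr. The field layout is inferred from that single sample line only, and every log record after the first is constructed.

```python
import re
from collections import Counter

# Layout inferred from the one sample line; gaddr port optional (sample has none).
BUILT = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+302001\s+"
    r"Built connection for\s+faddr\s+(?P<faddr>[\d.]+)/(?P<fport>\d+)\s+"
    r"gaddr\s+(?P<gaddr>[\d.]+)(?:/(?P<gport>\d+))?\s+"
    r"laddr\s+(?P<laddr>[\d.]+)/(?P<lport>\d+)"
)

def unfold(text):
    """Join wrapped continuation lines (leading whitespace) onto their record."""
    records = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and records:
            records[-1] += " " + line.strip()
        elif line.strip():
            records.append(line.strip())
    return records

def smtp_connections(text, port=25):
    """Parsed 'Built connection' records whose laddr port equals `port`."""
    hits = []
    for rec in unfold(text):
        m = BUILT.search(rec)
        if m and int(m.group("lport")) == port:
            hits.append(m.groupdict())
    return hits

def per_source(hits):
    return Counter(h["faddr"] for h in hits)  # connections per foreign address

# First record is the line quoted in the message (wrapped as it was there);
# the rest are constructed for illustration, using documentation addresses.
SAMPLE = (
    "Sep 13 04:15:28 gw.cam.uk.internal  302001 Built connection for faddr\n"
    "\t158.43.128.84/45811 gaddr 194.130.147.15 laddr 172.31.7.15/25\n"
    "Sep 13 04:15:31 gw.cam.uk.internal  302001 Built connection for faddr "
    "192.0.2.10/40112 gaddr 198.51.100.7 laddr 172.31.7.15/25\n"
    "Sep 13 04:15:40 gw.cam.uk.internal  302001 Built connection for faddr "
    "192.0.2.77/40200 gaddr 198.51.100.7 laddr 172.31.7.16/80\n"
    "Sep 13 04:15:52 gw.cam.uk.internal  302001 Built connection for faddr "
    "192.0.2.10/40113 gaddr 198.51.100.7 laddr 172.31.7.15/25\n"
)

if __name__ == "__main__":
    for addr, n in per_source(smtp_connections(SAMPLE)).most_common():
        print(addr, n)
```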





