[comp.protocols.tcp-ip] Smart filtering within a protocol on bridge/router?

glen@aecom.yu.edu (Glen M. Marianko) (11/16/89)

Anyone ever hear of a bridge or router that can filter traffic within
a protocol.  Like tell the box to "filter all TELNET traffic" or
"allow only SMTP traffic" either globally or for individual nodes.
Granted, this is rather esoteric - but security is the concept
here.

Thanks!


-- 

-- Glen M. Marianko  Manager, LAN Services  Glasgal Communications, Inc.
   151 Veterans Drive  Northvale, New Jersey 07647  201-768-8082
   glen@aecom.yu.edu - {uunet}!aecom!glen (Courtesy of AECOM & unaffiliated)

mep@AQUA.WHOI.EDU (Michael E. Pare) (11/16/89)

3COM/Bridge allows filtering based on packet content and you can build the
filters using logical operators such as and, or, nor, etc.  To trap these
packets you could start the filter using type 0800 (IP) and then the 
particular info for the exact packets you are trying to filter.  All you
need to know is the format of the packet so you'll know what to enter.
Hope this helps.

Michael Pare 
Woods Hole Oceanographic Institution
Woods Hole, MA 02543

ESC1814@ESOC.BITNET (11/22/89)

Using the Cisco router extended access-list feature you can filter IP
connections according to Source and Destination address, protocol (i.e.
IP, TCP, UDP, & ICMP), and down to the port number/service access point.

You can use the >, <, == or != operators to specify which port(s) may be
accessed. E.g. to allow only mail connections you could restrict a connection
between hosts to port 25 (SMTP port).

Dave Stafford
European Space Operations Centre
Darmstadt,
W. Germany
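As an added illustration (written for this thread, not code or syntax from any poster, Cisco or 3Com): a small Python model of the two filtering approaches described above, Michael's content filter that starts at Ethernet type 0800 and walks the IP and TCP headers, and Dave's access list keyed on source, destination, protocol and a port operator. The host addresses, frames and policies are constructed for the example.

```python
import struct
from collections import namedtuple
from operator import eq, ne, lt, gt

ETHERTYPE_IP = 0x0800                 # the "type 0800 (IP)" a 3Com/Bridge filter would start from
PROTO_TCP, PROTO_UDP = 6, 17
OPS = {"==": eq, "!=": ne, "<": lt, ">": gt}   # the port operators from the Cisco post

# One filter entry: action is "permit" or "deny"; src/dst are dotted quads (None = any);
# proto is an IP protocol number (None = any); port_op/port test the L4 destination port.
Rule = namedtuple("Rule", "action src dst proto port_op port", defaults=(None, None, None, None, 0))

def parse_frame(frame: bytes):
    """Decode Ethernet -> IPv4 -> TCP/UDP just far enough to filter on (no checksum checks)."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IP:
        return None                       # not IP: none of these rules can apply
    ip, addr = frame[14:], lambda b: ".".join(map(str, b))
    ihl = (ip[0] & 0x0F) * 4             # IHL is in 32-bit words
    pkt = {"src": addr(ip[12:16]), "dst": addr(ip[16:20]), "proto": ip[9], "dport": None}
    if pkt["proto"] in (PROTO_TCP, PROTO_UDP):   # both put the destination port at L4 offset 2
        pkt["dport"] = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    return pkt

def matches(rule: Rule, pkt: dict) -> bool:
    if (rule.src and rule.src != pkt["src"]) or (rule.dst and rule.dst != pkt["dst"]) \
            or (rule.proto is not None and rule.proto != pkt["proto"]):
        return False
    if rule.port_op:                      # a port test never matches a packet without ports (e.g. ICMP)
        return pkt["dport"] is not None and OPS[rule.port_op](pkt["dport"], rule.port)
    return True

def filter_frame(rules, frame: bytes) -> str:
    """First matching rule wins; no match is an implicit deny, as on a Cisco access list."""
    pkt = parse_frame(frame)
    for rule in (rules if pkt else []):
        if matches(rule, pkt):
            return rule.action
    return "deny"

def build_frame(src: str, dst: str, proto: int, dport: int) -> bytes:
    """Constructed sample frame: Ethernet + 20-byte IPv4 header + a 4-byte L4 port stub."""
    quad = lambda a: bytes(int(o) for o in a.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0x4000, 64, proto, 0, quad(src), quad(dst))
    return bytes(12) + struct.pack("!H", ETHERTYPE_IP) + ip + struct.pack("!HH", 1024, dport)

# Dave's example policy: between these two (constructed) hosts, allow only SMTP, TCP port 25.
MAIL_ONLY = [Rule("permit", "10.1.1.1", "10.2.2.2", PROTO_TCP, "==", 25)]
```

A "filter all TELNET traffic" policy from the original question is the two-entry list `[Rule("deny", proto=PROTO_TCP, port_op="==", port=23), Rule("permit")]`; note the trailing permit, since an empty match falls through to deny.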

kr@apollo.HP.COM (Keith Alan Rodwell) (11/23/89)

	There are a number of companies who deal with protocol layer
bridges that can do packet filtering.  Proteon, Bridge and Cisco come
to mind.  Some are even programmable enough that you can define new 
protocols (i.e. Apollo/HP 8019...).  You should look at a number of 
vendors before you buy.  There are many options/limitations with many
models.  Look hard at what you need to do v.s. cost.

			---Keith

-------------------------------------------------------------------------------------------
``This theory which is mine, is mine'' -- Ann Elk (Monty Python)
Keith Alan Rodwell
Apollo/HP Customer Support
(508)-256-6600 X8415

cpw%sneezy@LANL.GOV (C. Philip Wood) (11/24/89)

... packet filtering ...  DEC LanBridges and such filter packets when you
don't want them to.  ARP packets for example, addressed to the broadcast
(all 1's) address get blocked by broken filterware in the LanBridges.

Does anyone know the why of this and the how of fixing.  My recommendation
is to trash these bogus active components and learn to live within the
ethernet specification.

Phil Wood, cpw@lanl.gov

enger@SCCGATE.SCC.COM (Robert M. Enger) (11/24/89)

The DEC LanBridge problem is an old one, isn't it?
The old firmware on LanBridges would "learn" the broadcast address
if it heard it, and add it to the "routing" table.  Unfortunately,
this was also the flag for the end-of-routing-table marker, so the
table stopped growing to boot!  (at least these are my recollections)

DEC has supplied updated "firmware" with the bug fixed.  
There was considerable difficulty dealing with field service
(convincing them that a repair was called for, that the repair
part number I gave them was real, etc, etc, etc).  They eventually
did fix our LanBridge 100s.  But then we went on to upgrade our
network, and replace LanBridges with P4200s.  Now, instead of
10,000 packets per second, we get 1000 :-)

If nothing else, when the LanBridges work, they're fast!

Bob