Re: Firewall rules that discriminate by connection duration

From: Vlad GALU (vladgalu_at_gmail.com)
Date: 11/10/04

    Date: Wed, 10 Nov 2004 13:23:21 +0200
    To: Brett Glass <brett@lariat.org>, freebsd-security@freebsd.org
    
    

    On Tue, 9 Nov 2004 20:10:30 -0700 (MST), Brett Glass <brett@lariat.org> wrote:
    > I'm interested in crafting firewall rules that throttle connections
    > that have lasted more than a certain amount of time. (Most such
    > connections are P2P traffic, which should be given a lower priority
    > than other connections and may constitute network abuse.) Alas, it
    > doesn't appear that FreeBSD's IPFW can keep tabs on how long a
    > connection has been established. Is there another firewall for
    > FreeBSD that can?
    >
      
       All firewalls in FreeBSD can, actually. It's part of the stateful
    inspection feature. The only thing they lack is a match parameter
    based on the timer.
     
    > --Brett Glass
    >
    > _______________________________________________________
    > Please think twice when forwarding, cc:ing, or bcc:ing
    > security-team messages. Ask if you are unsure.
    >
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    >

    -- 
    If it's there, and you can see it, it's real.
    If it's not there, and you can see it, it's virtual.
    If it's there, and you can't see it, it's transparent.
    If it's not there, and you can't see it, you erased it.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
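Vlad's point is that the state table already knows when a flow was created but ipfw offers no match keyword on that age. As an added example (not code from the thread or from FreeBSD), here is a userland sketch in Python that samples `ipfw -d list` output, records the first time each flow was seen, and emits `ipfw add ... pipe` commands to move flows older than a threshold into a dummynet pipe. The dynamic-rule line shape, the rule number 900 and pipe number 1 are assumptions.

```python
import re

# Assumed shape of a dynamic-rule line from `ipfw -d list` (verify against
# your FreeBSD version's ipfw(8) output before relying on it).
DYN_RE = re.compile(
    r"^\d+\s+\d+\s+\d+\s+\(\d+s\)\s+STATE\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\d+)\s+<->\s+(?P<dst>\S+)\s+(?P<dport>\d+)"
)

def parse_dynamic_rules(text):
    """Return the set of (proto, src, sport, dst, dport) flows in the listing."""
    flows = set()
    for line in text.splitlines():
        m = DYN_RE.match(line.strip())
        if m:
            flows.add((m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return flows

class FlowAgeTracker:
    """Remembers when each flow was first seen and flags ones past the threshold."""
    def __init__(self, threshold_s, pipe_no=1, rule_no=900):
        self.threshold_s = threshold_s
        self.pipe_no, self.rule_no = pipe_no, rule_no  # assumed pipe/rule numbers
        self.first_seen = {}   # flow -> sample time at which it first appeared
        self.throttled = set()

    def observe(self, flows, now):
        """Ingest one sample; return ipfw commands for flows newly past the age."""
        # Forget flows gone from the state table so a reused port starts fresh.
        for flow in list(self.first_seen):
            if flow not in flows:
                del self.first_seen[flow]
                self.throttled.discard(flow)
        cmds = []
        for flow in flows:
            started = self.first_seen.setdefault(flow, now)
            if now - started >= self.threshold_s and flow not in self.throttled:
                self.throttled.add(flow)
                proto, src, sport, dst, dport = flow
                cmds.append(f"ipfw add {self.rule_no} pipe {self.pipe_no} "
                            f"{proto} from {src} {sport} to {dst} {dport}")
        return cmds

# Constructed samples 30 minutes apart: one flow persists, the other closed.
SAMPLE_T0 = """\
00100     42     6170 (300s) STATE tcp 192.0.2.10 49152 <-> 198.51.100.7 6881
00100      9      812 (299s) STATE tcp 192.0.2.11 50000 <-> 203.0.113.5 443
"""
SAMPLE_T1 = "00100   9001  5800000 (300s) STATE tcp 192.0.2.10 49152 <-> 198.51.100.7 6881\n"
```

Create the pipe first (for example `ipfw pipe 1 config bw 64Kbit/s`) and run the sampler periodically from cron so the throttle rule lands before the pipe's `queue` fills; the throttle rule must sit below the `check-state`/`keep-state` rules that created the entry.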
    

