Network Security Focus-Linux

Re: Content Filtering Firewall in Linux..

Subject: Re: Content Filtering Firewall in Linux..
Date: Fri, 19 Aug 2005 06:30:21 +0200
Hrvoje Spoljar wrote:
> You are looking for layer7 iptables patch.
> http://l7-filter.sourceforge.net/

No, You're really not. This was made for quality of service and suffers
the same problems as Netfilter with hex string support. Think about
this: You create a pattern for l7-filter (or Netfilter with hex strings)
to look for "sex" and drop it. First You run into the "Essex" problem,
so You change it to " sex ", but that doesn't block " sex." or " sex!"
or " Sex " and so on. So You write a regular expression for it
(l7-filter seems to support this). This finally blocks what You want it
to block. It also, however, blocks interesting, security-related
articles on spam. It blocks educational information on health, AIDS, and
similar topics. It blocks sites that use the word "sex" as a replacement
for "gender". Writing regular expressions like this will also not help
You on the issue of virus filtering.

In addition, all this can really do, being a component of the firewall,
is drop or reject the connection (connections either hang or end
abruptly without receiving all of the data). This is extremely
unfriendly and will not gain user acceptance. A system that sends back a
custom error page stating that the site has been blocked due to content
issues, and that objections should be directed to (add contact
information for site administrator here) is much better.

DansGuardian, and other similar solutions, use a point system that
mitigates the false positive issue mentioned above. With this system, the
word "sex" appearing on a page will not automatically mean that the page
will be blocked. However, "sex" (30 points) with "whore" (50 points) and
"pussy" (100 points) will cause the site to be blocked, because the
total number of points (180) is more than the limit You set (160). (All
point numbers are examples only.)

                -&

- --
GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt
Encrypt everything. / Alles verschlüsseln.


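As an added illustration (not code from the original post, nor DansGuardian's or l7-filter's own code): a small Python scorer that contrasts plain substring matching with the weighted phrase approach described in the reply above, and builds the friendly block page the poster recommends instead of a dropped connection. The phrase list, point values, limit and sample pages are constructed from the numbers quoted in the post; counting each phrase once is a simplification chosen to reproduce the post's 30+50+100 arithmetic.

```python
import re

# Constructed weighted phrase list using the point values quoted in the post;
# the post notes all point numbers are examples only.
PHRASE_POINTS = {"sex": 30, "whore": 50, "pussy": 100}
LIMIT = 160  # blocking threshold quoted in the post

# Constructed sample pages (not taken from any real site).
ESSEX_PAGE = "Welcome to the Essex County Council home page."
HEALTH_PAGE = "Safer sex education is central to preventing HIV and AIDS."
EXPLICIT_PAGE = "sex! whore... pussy"


def naive_match(text: str, pattern: str = "sex") -> bool:
    """Plain substring match, the kind a hex-string or simple l7 pattern does.
    This is the 'Essex problem': any word containing the pattern trips it."""
    return pattern in text.lower()


def weighted_score(text: str, phrases: dict = PHRASE_POINTS) -> int:
    """Sum the points of every listed phrase found as a whole word.

    Simplification (assumption): each distinct phrase counts once, however
    often it appears, which is how the post's 30+50+100 example adds up.
    Word boundaries avoid the 'Essex' and 'sex.'/'sex!' partial-match issues.
    """
    score = 0
    for phrase, points in phrases.items():
        if re.search(r"\b" + re.escape(phrase) + r"\b", text, re.IGNORECASE):
            score += points
    return score


def should_block(text: str, limit: int = LIMIT) -> bool:
    """Block only when the accumulated score exceeds the configured limit."""
    return weighted_score(text) > limit


def block_page(url: str, score: int, contact: str) -> str:
    """Custom error page instead of a dropped connection, as the post argues.
    'contact' is whatever the site administrator wants objections sent to."""
    return (f"Access to {url} has been blocked due to content issues "
            f"(score {score} over limit {LIMIT}). Objections: {contact}")


if __name__ == "__main__":
    for page in (ESSEX_PAGE, HEALTH_PAGE, EXPLICIT_PAGE):
        print(f"naive={naive_match(page)} score={weighted_score(page)} "
              f"block={should_block(page)} :: {page}")
```

Running it shows the naive matcher flagging both the council page and the health article, while the weighted scorer blocks only the page whose combined score (180) exceeds the limit.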