Gee folks, lots of email jokes, but not too much help for the poor grad
student. I'll give you another tip on "academic" sort of work. Check out
Steve Bellovin's ftp directory at Bell Labs anonymous ftp site. Bellovin
and his partner Bill Cheswick started publishing security papers as early as
1988/89, and their team at the Labs have written some pretty clever software
(my impression only) to find and track intruders.
This *was* the correct URL. However, it might be different since Bell Labs
is now part of the new Lucent Technologies Co. And, I'm not sure where SMB
has gone with the new AT&T split up.
Also, you might want to find Cheswick & Bellovin's book on firewalls. Can't
recall the title, but I'm sure you can find it with the authors names.
At 06:22 PM 2/5/97 -0500, nvs2 @
>I am implementing a firewall as a Master's project and I need to decide
>on rules for packet filtering. I have two questions to ask you folks:
>(1) Can anyone suggest research papers/books/web documents on packet
>(2) I was told that a packet filter should check for various combinations
>Source Address, Destn Address, protocol, Source port, destn port
> and then decide if a packet should be let thro.
>Also, this decision making has to be real fast so as not to introduce a
>considerable amount of overhead while routing the packet.
>Does any one have any suggestions on how this can be done?
>Thanks in advance
Jerry Mendes, Principal Consultant Voice: (415) 381-5500
DataComm Insights FAX: (415) 381-5502
150 Seminary Drive Email: mendes @
Mill Valley, California 94941