On Wed, 28 Jun 95 07:08:00 CDT, "Jarmon, Don R" <drjarmon @
hsv20 .
pcmail .
ingr .
com> wrote:
We would like to be able to control ftp file transfers
using this policy. Internal nodes can get remote files
but not put. Can this be controlled with a Screening
Router? Cisco? Baynetworks? Others?
Network System's NetSentry filtering can do this in our routers. Suggested filter
(using the NetSentry Common Filter Library):
FILTER no_ftp_puts # Filter to block FTP "get" (i.e. RECV) command
tcp_destination_port in (ftp-control)
%ftp_command in (get) # from filter library ftp.h
log_to 1.2.3.4 1781 # audit event
icmp_unreachable (net_unreach) # from library icmp.h
fail; # block packet
end
See our web server at http://www.network.com for more info.
--
- Ted
--------------------------------------------------------------------------
Ted Doty, Network Systems Corporation | phone: +1 301 596-2270
8965 Guilford Road, Suite 250 | fax: +1 410 381-3320
Columbia, MD, 21046 USA | voice mail: (800) 233-1485
--------------------------------------------------------------------------
The opinion expressed in this message is fictitious. Any resemblence to
real opinions, living or dead, is purely coincidental.
Follow-Ups:
|
|
