On 28 Jun 1995 11:56:03 -0400, mcr@milkyway.com (Michael Richardson) wrote:
In article <199506281320.JAA05981@kgbvax.network.com>, Ted Doty <ted@kgbvax.NETwork.COM> wrote:
>FILTER no_ftp_puts # Filter to block FTP "get" (i.e. RECV) command
> tcp_destination_port in (ftp-control)
> %ftp_command in (get) # from filter library ftp.h
> log_to 1.2.3.4 1781 # audit event
> icmp_unreachable (net_unreach) # from library icmp.h
> fail; # block packet
What does the client see? "421 connection closed"? Hang?
"500 That operation is not permitted" is what I would expect.
I never have understood how packet filters can do application layer stuff intelligently.
230 - This system does not allow receipt of information from client systems. All
230 - such access is prohibited. The management is not responsible for any damages
230 - caused by attempts to circumvent this policy.
My feeling is if someone ignores this, I don't care if I hang his connection.
How about icmp_unreach (access_prohibited)? How about a TCP RST? Look, there's no
magic about "application layer stuff"; it's all just 1s and 0s. I really don't see
what packet filter vs. application gateway has to do with handling this (at least
with the right packet filters ;-).
--
- Ted
--------------------------------------------------------------------------
Ted Doty, Network Systems Corporation | phone: +1 301 596-2270
8965 Guilford Road, Suite 250 | fax: +1 410 381-3320
Columbia, MD, 21046 USA | voice mail: (800) 233-1485
--------------------------------------------------------------------------
The opinion expressed in this message is fictitious. Any resemblance to
real opinions, living or dead, is purely coincidental.
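An added example, not code from this thread, of the inspection the quoted `%ftp_command` rule implies: a small Python class (the name `FtpCommandFilter` and the sample packets are constructed for this illustration) that reassembles CRLF-terminated commands on the client side of an FTP control connection, maps the client's "get"/"put" to the RETR/STOR commands actually seen on the wire, and records the audit event a `log_to` line would emit.

```python
# Added example, not from the original thread.  Assumes the client->server
# half of a port-21 TCP stream is handed in one packet payload at a time.
import re

# What a client-side "get" / "put" actually sends on the control channel.
BLOCKED = {"RETR": "get", "STOR": "put"}
CMD_RE = re.compile(r"^([A-Za-z]{3,4})(?:\s+(.*))?$")


class FtpCommandFilter:
    """Reassembles FTP commands split across packets and returns an
    audit record plus a pass/fail verdict for each complete command."""

    def __init__(self):
        self._buf = b""   # partial line carried over between packets
        self.audit = []   # what the `log_to 1.2.3.4 1781` target would see

    def feed(self, payload: bytes):
        """Feed one packet payload; return [(cmd, arg, verdict), ...]."""
        self._buf += payload
        out = []
        while b"\r\n" in self._buf:
            line, self._buf = self._buf.split(b"\r\n", 1)
            m = CMD_RE.match(line.decode("ascii", "replace"))
            if not m:
                continue  # blank line or non-command noise: nothing to judge
            cmd, arg = m.group(1).upper(), (m.group(2) or "").strip()
            if cmd in BLOCKED:  # FTP commands are case-insensitive
                verdict = "fail"  # the quoted rule's `fail`: drop the segment
                self.audit.append(f"blocked {cmd} ({BLOCKED[cmd]}) {arg}")
            else:
                verdict = "pass"
            out.append((cmd, arg, verdict))
        return out


# Constructed sample: a login followed by a lowercase "retr" whose command
# word is split across two packets, then a harmless LIST.
SAMPLE_PACKETS = [b"USER anonymous\r\nPASS guest@\r\nre",
                  b"tr secret.txt\r\nLIST\r\n"]


def run_sample():
    """Run the constructed packets through the filter; return (events, audit)."""
    f = FtpCommandFilter()
    events = [e for p in SAMPLE_PACKETS for e in f.feed(p)]
    return events, f.audit


if __name__ == "__main__":
    for ev in run_sample()[0]:
        print(ev)
```

Dropping the matching segment, as the rule's `fail` does, leaves the client waiting on its own timeout; a `500` reply can only come from something that itself emits FTP replies on the control connection.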