
Re: L7 switching: string.patch for IPTables?

To: Roberto Nibali <ratz@xxxxxx>
Subject: Re: L7 switching: string.patch for IPTables?
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Tue, 25 Sep 2001 01:06:23 +0000 (GMT)
        Hello,

On Mon, 24 Sep 2001, Roberto Nibali wrote:

> I haven't had the time to read the binary analysis of the nimda code but
> as soon as you get the pattern in hex, you can use the u32 selector of
> tc and be way faster by just blackholing or table bouncing the matched
> selector.

        Grr. But the u32 matching works only for patterns on fixed
positions?

> Yep, this could be deployed in that way, although I still like the u32
> selector better. You set a rule to the FIB using a u32 selector and then
> we should provide a means for adding an LVS service table entry for FIB
> classids.

        Maybe there is really a need for some pseudo-L7 classifiers in
the QoS code :) Then it could be useful for routers. Maybe it should
be related somehow to the connection tracking but it is not an easy job.
Blindly matching strings is too simple.

> I'm not sure I could be of any help but I was hoping other people would join
> this (for me) interesting discussion about such L7 implementations and virus
> blocker.
>
> Best regards,
> Roberto Nibali, ratz


Regards

--
Julian Anastasov <ja@xxxxxx>
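
The two points raised in this message (a u32 key sees one fixed offset, and a blind string match is too coarse) can be seen side by side in the following added example, which is not part of either poster's message and simulates the matching in Python rather than calling tc or iptables. The pattern, addresses, ports and packets are constructed for illustration, and the u32 offset is assumed to be counted from the start of the IP header.

```python
import struct

PATTERN = b"/XPATTERN"   # constructed marker, not a real worm signature

def packet(payload, tcp_options=b""):
    """Minimal IPv4+TCP packet (checksums zero), enough for offset arithmetic."""
    tcp_len = 20 + len(tcp_options)            # options must be a multiple of 4 bytes
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1,
                      (tcp_len // 4) << 4, 0x18, 8192, 0, 0) + tcp_options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + payload

def u32_match(pkt, value, mask, offset):
    """u32-style key: one masked 32-bit word at a fixed offset from the IP header."""
    if offset + 4 > len(pkt):
        return False
    (word,) = struct.unpack_from("!I", pkt, offset)
    return (word & mask) == value

def payload_contains(pkt, pattern):
    """Blind substring search over the TCP payload, wherever it starts."""
    ip_len = (pkt[0] & 0x0F) * 4
    tcp_len = (pkt[ip_len + 12] >> 4) * 4
    return pattern in pkt[ip_len + tcp_len:]

REQUEST = b"GET " + PATTERN + b" HTTP/1.0\r\n\r\n"
TIMESTAMPS = b"\x01\x01\x08\x0a" + bytes(8)    # NOP, NOP, timestamp option (12 bytes)
SAMPLES = {                                    # constructed packets
    "no_options": packet(REQUEST),
    "with_options": packet(REQUEST, TIMESTAMPS),
    "benign_mention": packet(b"POST /forum HTTP/1.0\r\n\r\nseen " + PATTERN + b" in my logs"),
}

def compare():
    """Return {sample: (fixed_offset_hit, substring_hit)} for the same pattern."""
    key = int.from_bytes(PATTERN[:4], "big")
    offset = 20 + 20 + len(b"GET ")            # assumes option-less IP and TCP headers
    return {name: (u32_match(p, key, 0xFFFFFFFF, offset), payload_contains(p, PATTERN))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (fixed, blind) in compare().items():
        print(f"{name:15} u32-fixed-offset={fixed!s:5} substring={blind}")
```

The fixed-offset key misses the same request once TCP options shift the payload by 12 bytes, while the substring search also fires on a request that only mentions the pattern in its body.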


