[SLUG] Looking for a firewall

From: Greg Schmidt (slugmail@gschmidt.net)
Date: Fri Aug 08 2003 - 22:39:37 EDT


Hi Slugs,

I'm looking for some thing-a-ma-bob that can filter packets by an
arbitrary string anywhere in the packet and then decide to drop it or
forward it. At least I think that's what I want.

I don't think a layer 3 firewall that only looks at the addresses and
ports in the header will work. For this particular problem I need to
block the HTTP method called TRACE. This is not the ICMP traceroute,
tracert (DOS), or tracepath (IOS) used to identify the layer 3 hops
between one machine and another. This is one of the 8 HTTP methods
described in section 9 of RFC 2616, "Hypertext Transfer Protocol --
HTTP/1.1" http://www.ietf.org/rfc/rfc2616.txt

I'm looking to do it for an "appliance" box where the vendor doesn't
take this CERT Vulnerability Note (VU#867593, "Multiple vendors' web
servers enable HTTP TRACE method by default")
http://www.kb.cert.org/vuls/id/867593 very seriously, but someone else
who isn't exactly a PHB does.

My thought was that I could search each packet for a string identifying
it as an HTTP TRACE packet and drop it if it appears.

I'm pretty sure I don't want a proxy. I'm certain I don't want a
$20,000 layer 7 firewall solution. I'd like to do this with OSS, an old
Pentium, and 2 NICs.

Has anyone heard of some software that can do this?

Thanks,

Greg
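The filter described above, as an added example that is not part of the original post or any reply to it: a Linux box with two NICs forwarding between the outside world and the appliance, using the iptables "string" match (a patch-o-matic extension on 2.4 kernels in 2003, in the mainline kernel since 2.6.14) to drop a TRACE request line. The interface name, port and the `is_trace_request` / `trace_rules` helper names are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not code from the original post. Assumes a Linux router or
# bridge with two NICs and an iptables build that has the "string" match.
# LAN_IF and HTTP_PORT are assumptions; adjust to the real topology.

LAN_IF="${LAN_IF:-eth1}"      # assumed: NIC facing the web appliance
HTTP_PORT="${HTTP_PORT:-80}"  # assumed: port the appliance serves HTTP on

# Decide whether a TCP payload is the start of an HTTP TRACE request.
# Only the request line counts: the method is the first token, and HTTP
# methods are case-sensitive (RFC 2616 section 5.1.1), so "trace", or a
# URL such as /TRACE, must not match. Returns 0 for TRACE, 1 otherwise.
is_trace_request() {
    case "$1" in
        "TRACE "*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Print the iptables rule that makes the same decision in the kernel.
# --from 40 --to 66 limits the search to where a request line can start:
# after a 20-byte IP header and a 20- to 60-byte TCP header. A GET whose
# URL or body merely contains "TRACE " is therefore not dropped.
# Caveat: the match sees one segment at a time, so a request line split
# across TCP segments (or sent after IP options) would slip past it.
trace_rules() {
    cat <<EOF
iptables -A FORWARD -o $LAN_IF -p tcp --dport $HTTP_PORT -m string --algo bm --from 40 --to 66 --string "TRACE " -j DROP
EOF
}

# With --apply, load the rule (needs root); with --print, just show it.
case "$1" in
    --apply) trace_rules | sh -e ;;
    --print) trace_rules ;;
esac
```

To check the rule from the outside, send a bare request with netcat, for example `printf 'TRACE / HTTP/1.0\r\n\r\n' | nc appliance 80`, and confirm that the connection gets no response while a `GET /` still does; `iptables -L FORWARD -v` shows the DROP counter rising. On an iptables older than the `--algo` option, remove that argument.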

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:19:50 EDT