From owner-freebsd-questions Fri Apr 6 18: 3:38 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from prime.gushi.org (prime.gushi.org [208.23.118.172]) by hub.freebsd.org (Postfix) with ESMTP id 667D937B423 for ; Fri, 6 Apr 2001 18:03:35 -0700 (PDT) (envelope-from danm@prime.gushi.org)
Received: from localhost (danm@localhost) by prime.gushi.org (8.9.3/8.9.3) with ESMTP id VAA66308 for ; Fri, 6 Apr 2001 21:03:38 -0400 (EDT) (envelope-from danm@prime.gushi.org)
Date: Fri, 6 Apr 2001 21:03:37 -0400 (EDT)
From: "Dan Mahoney, System Admin"
X-Sender: danm@prime.gushi.org
To: questions@freebsd.org
Subject: "Smart" firewalls.
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi all,

I had a couple of firewalling questions...

1) Is there a "smart" firewall product (commercial or otherwise) available for FreeBSD that can automatically detect against things like "Malicious Java Applets and ActiveX Exploits"? (I'm sorry, it's a Boss Question, see Dilbert). If not those, is there at least an Adaptive product that can do for an entire network what portsentry does for a single machine, or that can detect flood attempts and drop them (or even one that can execute a script that telnets to a router and causes the router to drop them)?

2) Is there a way to redirect ALL outgoing requests on port 25 to a single server where it will "act" like it's sending the mail but fail? (This is mainly for use in a situation where a keylogger was sending out results via SMTP; naturally, we would want to log such things.)

3) Finally, is there a way to do virus/exploit scanning of all data passing through an interface? This, I realize, would be a processor-heavy task, but it would only be (ideally) done for certain network segments (i.e. those that have specifically requested or paid for it).

I'm looking at a lot of the big commercial products right now and the one word that comes to mind is expensive. Many of the less expensive ones talk about being able to handle "4000 simultaneous connections". I shrug and giggle at that. This is server farm country. I don't care about VPN or IPsec security. I don't care about having a DMZ (many of these servers would be in the DMZ on a traditional corporate LAN). I just care about something being (A) Adaptive and (B) transparent (not all of the big ones out there will do this).

Any suggestions?

-Dan Mahoney

--

"You're a thucking reyer!"

-Richard Bozzello, who believed tongue piercing was painless.

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Web: http://prime.gushi.org
finger danm@prime.gushi.org for pgp public key and tel#
---------------------------