Re: this is really wrong

Posted by: Anonymous [ip: 151.188.247.104] on November 21, 2007 07:12 PM
You are quite correct. You can't stop *applications* this way. We're in the middle of a major botnet infestation that uses TCP 80 as its control channel. We want to block the botnet traffic, but not normal Web surfing.

The title should be changed. I was expecting to see something akin to Cisco's Network-Based Application Recognition (NBAR), which actually does block application data, regardless of the port. Packeteer PacketShapers will do it, too.

Return to Blocking specific network applications with iptables