This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new!

Re: this is realy wrong

Posted by: Anonymous [ip:] on November 21, 2007 07:12 PM
You are quite correct. You can't stop *applications* this way. We're in the middle of a major botnet infestation that uses TCP 80 as its control channel. We want to block the botnet traffic, but not normal Web surfing.

The title should be changed. I was expecting to see something akin to Cisco's Network-Based Application Recognition (NBAR), which actually does block application data, regardless of the port. Packeteer PacketShapers will do it, too.


Return to Blocking specific network applications with iptables