Posted by: Anonymous on November 21, 2007 07:12 PM
You are quite correct. You can't stop *applications* this way. We're in the middle of a major botnet infestation that uses TCP 80 as its control channel. We want to block the botnet traffic, but not normal Web surfing.
The title should be changed. I was expecting to see something akin to Cisco's Network-Based Application Recognition (NBAR), which actually does block application data, regardless of the port. Packeteer PacketShapers will do it, too.