Path: utzoo!attcan!sobmips!uunet!samsung!usc!apple!sun-barr!newstop!sundc!sundc.East.Sun.COM!tgsmith From: tgsmith@sundc.East.Sun.COM (Tim Smith - Consultant Sun Baltimore) Newsgroups: comp.dcom.lans Subject: Re: Smart filtering within a protocol on bridge/router? Summary: cisco can do it- proteon probably can't Message-ID: <10810@sundc.East.Sun.COM> Date: 16 Nov 89 15:19:13 GMT References: <2598@aecom.yu.edu> Sender: news@sundc.East.Sun.COM Reply-To: tgsmith@sundc.East.Sun.COM (Tim Smith - Consultant Sun Baltimore) Organization: Sun Microsystems, Vienna, VA Lines: 46 In article <2598@aecom.yu.edu> glen@aecom.yu.edu (Glen M. Marianko) writes: >Anyone ever hear of a bridge or router that can filter traffic within >a protocol. Like tell the box to "filter all TELNET traffic" or >"allow only SMTP traffic" either globally or for individual nodes. >Granted, this is rather esoteric - but security is the concept >here. cisco routers can do exactly what you want. Their filtering is really flexible and their boxes are real fast and real reliable. They can filter on source/destination IP net/addr, protocol, and TCP/UDP port numbers. I once had a host that was killing one of my vaxes with a mail loop. The folks responsible for the offending machine were unable/unwilling to fix things so I installed a filter in the cisco to ONLY block smtp traffic from the offending host to the offended host. The clowns on the offending host were a bit confused before I told them what I had done- "Well we can ping them, rlogin to them, telnet to them, but we can't get mail to them. What the hell is going on?" Made my host happy and also convinced them to fix their host. Proteon's can do filtering on source net, dest net, and maybe a little more. Their filtering is not as sophisticated as cisco`s. Contact info: cisco systems 1360 Willow Road Menlo Park, CA 94025 (800) 553-6387 Proteon 508-898-3100 NB: Usual disclaimers apply. I don't have any financial interest in either company. I have worked with both companies hardware. Tim Smith - Technical Consultant US mail:Sun Microsystems E-mail: 6797 Dorsey Road internet:tgsmith@sunbalt.east.sun.com Suite 4 uucp :sundc!timsmith Baltimore, MD 21227 MaBell :(301)379-5000 As goes without saying(but will be said anyway): If I were speaking for sun you would be paying to hear it.