Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!SRLVX0.SRL.FORD.COM!damian
From: damian@SRLVX0.SRL.FORD.COM ("Jerry Damian")
Newsgroups: comp.protocols.tcp-ip
Subject: Reducing the risks when connecting to an internet
Message-ID: <9011260544.AA01255@ucbvax.Berkeley.EDU>
Date: 26 Nov 90 04:26:00 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 14

In article <3768@stl.stc.co.uk> neil@stc.co.uk is looking for a way to
filter on specific IP services such as TELNET, SMTP, FTP, etc.

You can use Cisco routers to do this quite effectively. You can use their
extended access controls to filter on source and destination address as
well as port number. However, be aware that the Cisco ability to process
packets without dropping any is proportional to the size of the access
list. You can minimize the size of the lists by permitting/denying packets
by subnet rather than by IP address.

Better to put this burden on a router than a host that is probably used
for something else...

Jerry Damian
Ford Motor Co.
damian@srlvx0.srl.ford.com
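
Added example, not part of the original post: a sketch of the "by subnet rather than by IP address" advice, collapsing a per-host permit list into the fewest subnet entries that cover exactly the same addresses. The host list, ACL number 101 and the emitted lines (present-day Cisco IOS extended access-list syntax with wildcard masks) are assumptions chosen for illustration; the post itself gives no configuration.

```python
import ipaddress

# Constructed sample: hosts permitted to receive inbound TELNET (tcp/23).
# Addresses are from the documentation ranges, not from the post.
ALLOWED_HOSTS = [f"192.0.2.{i}" for i in range(64)] + ["198.51.100.7"]


def collapse(hosts):
    """Merge host addresses into the smallest set of networks covering
    exactly those addresses. Nothing is widened: a block is only formed
    when every address inside it is already in the list."""
    nets = [ipaddress.ip_network(h) for h in hosts]
    return list(ipaddress.collapse_addresses(nets))


def acl_lines(networks, acl_id=101, proto="tcp", port=23):
    """Render one extended access-list permit entry per network.
    Assumed syntax: destination given as 'host A' or 'A wildcard-mask'."""
    lines = []
    for net in networks:
        if net.prefixlen == 32:
            dst = f"host {net.network_address}"
        else:
            # hostmask is the inverted netmask, i.e. the ACL wildcard mask
            dst = f"{net.network_address} {net.hostmask}"
        lines.append(f"access-list {acl_id} permit {proto} any {dst} eq {port}")
    return lines


def compare(hosts):
    """Return (per-host entries, subnet entries) for the same policy."""
    per_host = acl_lines([ipaddress.ip_network(h) for h in hosts])
    by_subnet = acl_lines(collapse(hosts))
    return per_host, by_subnet


if __name__ == "__main__":
    per_host, by_subnet = compare(ALLOWED_HOSTS)
    print(f"{len(per_host)} per-host entries reduce to {len(by_subnet)}:")
    for line in by_subnet:
        print(line)
```

Because the merge is exact, removing a single host from a full block splits it back into several smaller entries, so the list size depends on how cleanly permitted hosts are grouped into subnets.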