nanog mailing list archives
Layer 5+ inspection at the border?
From: Rick Ernst <ernst () easystreet com>
Date: Mon, 25 Aug 2003 09:53:41 -0700 (PDT)
I'm looking for a beast that is roughly a combination of Cisco NBAR and Foundry URL inspection. NBAR worked pretty well for CodeRed, but I'd rather have a dedicated device rather than overloading a router with non-routing functions. I haven't used Foundry's URL inspection, but it looks reasonable, too.

I would, however, like something that can do generic Layer 5+ inspection/alteration so things such as SMTP headers can also be inspected and processed/blocked/altered.

I'd prefer a switching device that can replace the switches between my border and core, but allow transparent manipulation of the packets, preferably at wire-speed.

Any suggestions? The idea is to have a central location that can watch for and block 'bad payload'. It looks like F5 may have a solution, but I'd like comments and experiences from those that have deployed such a device.

Thanks,
Rick