
On Wed, Feb 15, 2012 at 4:43 PM, aki <aki275@gmail.com> wrote:
> @Dennis, IMHO. This and all other useless - belong in the garbage tin. Open Source edge security systems cannot handle "dark networks", ever followed
Aki, previously I've successfully blocked P2P, Skype and BitTorrent traffic using pure open source - DPI with application-level signature detection using Snort, feeding rules to iptables on Linux. I know it works even better now than it did then. And that's not the only way it can be done, open source. That was ages ago, mostly for fun, and is definitely not the way Tusker wants to go. He's indicated that he needs an easy-to-manage, well-supported commercial solution.
> There is a special need, and this need can only be partly implemented at core networks as an ISP or Gateways.
> Edge solutions can even simply run on Cisco router ACLs, why force end users to add other products?
Bad idea. Not at the core. Back in my ISP days we had ACLs that blocked well-known bad traffic - NetBIOS, known worms etc. - at the edge. But you'd just pointed out - correctly - that such traffic will get around ACLs. The answer is managed services for customers who want their traffic managed for them - and this at a fee. Where the device that handles this sits is debatable. Should it be a CPE? Maybe. Or somewhere in the provider network? I can't say. Some customers don't want the ISP to touch their traffic. One size doesn't fit all.

Regards,
Steve