Great Circle Associates Firewalls
(July 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: 3Com router filtering
From: brian @ lloyd . com (Brian Lloyd)
Date: Mon, 11 Jul 94 15:01 PDT
To: firewalls @ greatcircle . com

I have done some research and have received a number of responses about the
packet filtering capability of 3Com routers which I thought that I would
share since I asked the question in the first place.

I was correct in that older versions of the 3Com router filters required
you to specify the offset from the beginning of the packet.  This would
break in the presence of IP options or special encapsulation (the offsets
are different if the datagram is encapsulated in PPP or Ethernet).

The current release of 3Com router code allows you to specify the offset
from the beginning of the current header.  For instance, if the filter is
to be applied to a TCP header, the offset specified is from the beginning
of the TCP header and not from the beginning of the whole transmission
unit.  This will continue to work properly even in the presence of IP
options.

Thanks to everyone for their replies.


Brian Lloyd, President                         Lloyd Internetworking
brian @
 lloyd .
 com                                3031 Alhambra Drive
(916) 676-1147 - voice                         Suite 102
(916) 676-3442 - fax                           Cameron Park, CA  95682



Indexed By Date Previous: Re: Vendor Recommendations
From: Keren Nick <nick @ server . uwindsor . ca>
Next: subcribe
From: kidaj @ ustcunclass . safb . af . mil (John H. Kida)
Indexed By Thread Previous: Sniffing - warning
From: Christopher Klaus <cklaus @ shadow . net>
Next: Re: 3Com router filtering
From: Brent Chapman <brent @ mycroft . GreatCircle . COM>

Google
 
Search Internet Search www.greatcircle.com