Crispin Cowan wrote:
>> > Can we extend ipfirewalling/ipchains/iptables to allow firewalling
>> > rules to be specified on a per-process basis?
>
>We're in the middle of doing that for SubDomain, although we're not
>using the ip* family to do it.

Out of curiosity: How do you plan to handle incoming packets?
How do you tell which process an incoming packet is destined for?

(Some students in my security class proposed one possible trick for
handling this, but I'm curious to hear what your plans are. The trick
is very clever, but it has some practical drawbacks.)

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:26 PDT