RAS> Date: Thu, 2 May 2002 12:23:01 -0400 RAS> From: Richard A Steenbergen RAS> They CAN filter on anything in the headers, it's just a matter of RAS> convincing them that the specific filter you want is something they should RAS> add to their software language and microcode. I'm sure as a core router RAS> vendor they must hear every feature request imaginable and not know which RAS> ones to follow up on. If anyone from Juniper is listening, I can tell you RAS> 4 things to add which will stop all existing packet kiddie tools in their RAS> tracks. But then again, I'd rather just have a language for bitmatching at RAS> any offset. :) And it wouldn't be that hard to have something to compile rulesets into simply assembly, either: movb 0x12(1,%ecx),%al andb $0x34,%al xorb $0x14,%al jz some_destination Oversimplified, yes. But mask-then-test is one of the simpler apps to write. s/x86/chipofchoice/ and have fun. Juniper being based on FreeBSD/x86, perhaps some kernel hooks might be in order for those who wish to write their own code. -- Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist@brics.com> To: blacklist@brics.com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked.