Helder Pereira, André Ribeiro, Paulo Carvalho
Tel.: +351 253 604436
Fax.: +351 253 604471
E-mail: pmc at di.uminho.pt
The typical paradigm of identifying network traffic by IP packet
fields or by a set of well-known ports is highly limiting. Because
applications increasingly try to hide their true nature, for instance
by using non-default communication ports, traffic classification and
policing face a new challenge. We argue and demonstrate that
application-layer inspection is a feasible and convenient approach to
derive the correct application protocol. This detection and
classification process is of paramount importance to allow efficient
control of traffic entering the network. Taking pfSense as a case
study, we extend its current layer 3 and 4 classification scheme with
layer 7 (L7) capabilities, providing a powerful solution to
control traffic based on application patterns.
Through the use of L7 containers, the user can easily create a set of
rules for inspection, which will drive lower-level traffic control. In
addition, we propose and implement a mechanism to automatically create
useful application inspection scenarios. differentiating incoming
service calls.
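The contrast between port-based and application-layer classification described above, as an added example that is not code from the paper or from pfSense. The signature patterns, the `CONTAINER` mapping, the action names and the sample flows are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Well-known port table: the layer 3/4 view of a flow.
PORT_MAP = {22: "ssh", 80: "http", 443: "tls"}

# Simplified payload signatures (assumed), matched against a flow's first bytes.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-[12]\.\d+-")),
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    # TLS record: handshake (0x16), version 3.x, 2-byte length, ClientHello (0x01)
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.DOTALL)),
]

@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first bytes sent by the initiator

def classify_by_port(flow: Flow) -> str:
    return PORT_MAP.get(flow.dst_port, "unknown")

def classify_by_payload(flow: Flow) -> str:
    for name, pattern in SIGNATURES:
        if pattern.search(flow.payload):
            return name
    return "unknown"

# Hypothetical container: detected protocol -> action for lower-level traffic control.
CONTAINER = {"ssh": "block", "http": "queue:web"}

def police(flow: Flow, default: str = "pass") -> str:
    # Unmatched or unlisted protocols fall through to the default action.
    return CONTAINER.get(classify_by_payload(flow), default)

# Constructed sample flows, not captured traffic.
SAMPLES = {
    "ssh_on_443": Flow(443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "http_on_8080": Flow(8080, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "tls_on_443": Flow(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    "opaque_on_22": Flow(22, b"\x00\x01\x02\x03"),
}

if __name__ == "__main__":
    for label, flow in SAMPLES.items():
        print(f"{label:14} port={classify_by_port(flow):8} "
              f"l7={classify_by_payload(flow):8} action={police(flow)}")
```

The `opaque_on_22` flow shows the other direction of the mismatch: the port table labels it SSH, while payload inspection finds no known protocol and the container falls back to its default action.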