> It is ok when securing server traffic, but becames extremely difficult
> when it comes to client proxy, because there are too many legitimate
> traffic patterns to add :-(


Why not take a 2 week snapshot of normal traffic patterns then create your
ruleset after seeing normal traffic pattern activity.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards

[ Note: This message contains email list management information ]

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ =+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?...rch=0x97B43D89

To conquer the enemy without resorting to war is the most
desirable. The highest form of generalship is to conquer
the enemy by strategy." - Sun Tzu
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards