PacketHound Gets New Tracking Abilities
The appliance operates in passive mode and sits in the network traffic flow, monitoring inbound and outbound connections, much as a firewall does. The difference is that PacketHound uses a database of signatures to look for application usage instead of monitoring TCP ports the way that firewalls do.
The appliance will find and block applications or protocols that the administrator has identified as undesirable. It does so by injecting into the traffic flow a reset packet, which then closes the offending connection. The system can also allow certain types of traffic through and then kill the connection once the traffic reaches a certain bandwidth threshold.
The idea is to cut down on bandwidth costs and security risks produced by users connecting to file-sharing networks, Web sites that deliver streaming media and other potentially time-consuming applications.
"Its meant to be complementary to a firewall," said Eric Schnack, chief operating officer at Palisades Systems, based in Ames, Iowa. "We take a different approach, and look for application usage by detecting signatures in the traffic flow."
PacketHound 2.2 adds new tracking functionality capable of presenting information on rogue connections down to the packet level. It gathers data on the number of bytes and packets, the duration of the connection and the number of active and terminated connections.
All of the data is presented in a GUI on the administrators desktop. There is also a new feature that produces a real-time list of the top 10 Web sites users are visiting, giving management a convenient list of targets to block.
The system comes with more than 70 pre-defined rules that enable administrators to manage or block such applications as AOL Instant Messenger, Gnutella, Hotmail and others. Customers can also write custom rules to block other troublesome applications or protocols.
PacketHound 2.2 is available now, and pricing starts at $2,600.