D]>
> Cc: lartc@mailman.ds9a.nl
> Sent: Monday, December 10, 2007 8:37:07 AM (GMT-0500) America/New_York
> Subject: Re: [LARTC] How to fight with encrypted p2p
>
> Hi,
>
> We had similiar problem with p2p, used ipp2p and L7filter together
> before and worked well until clien
er 10, 2007 8:37:07 AM (GMT-0500) America/New_York
Subject: Re: [LARTC] How to fight with encrypted p2p
Hi,
We had similiar problem with p2p, used ipp2p and L7filter together
before and worked well until clients( mostly clever ones) started
getting around it with encryption. We have about 700 wireless
Hi,
We had similiar problem with p2p, used ipp2p and L7filter together
before and worked well until clients( mostly clever ones) started
getting around it with encryption. We have about 700 wireless clients
hitting our network and our network was taking big knocks with guys
using couple of gigs da
I believe "fighting" is the wrong approach. Badly shaping the wrong
traffic is just as bad, if not worse IMO. An ISP in my neck of the
woods plays havoc with encrypted mail (SMTP + TLS as well as IMAPS) as a
result of their P2P fight. Needless to say we no longer use them, and
we encourage clie
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I believe "fighting" is the wrong approach. Badly shaping the wrong
traffic is just as bad, if not worse IMO. An ISP in my neck of the
woods plays havoc with encrypted mail (SMTP + TLS as well as IMAPS) as a
result of their P2P fight. Needless to sa
> I believe that whole question is in topic.
> Is there any way to recognize ( and then shape ) p2p traffic which is
> encrypted?
> Modern p2p clients have this ability moreover some of them have this enabled
> by default.
> Now I'm using ipp2p for iptables but as I know this doesn't recognize
Sorry ... I'm little bite tired ...
I mean that we might sponsor Klauss and L7 team to develop this ...
Regards
Sébastien CRAMATTE escribió:
> Klauss,
>
> Could you
> Might be you can sponsor the development ...
>
> Regards
>
> Sébastien
>
>
> Klaus escribió:
>
>> About ipp2p,
>>
>> Right no
Klauss,
Could you
Might be you can sponsor the development ...
Regards
Sébastien
Klaus escribió:
> About ipp2p,
>
> Right now, the battle against p2p is lost with l7 detection from ipp2p,
> l7 filter and others.
>
> Why ?? It is a known fact that pattern matching does not work with full
> encr
About ipp2p,
Right now, the battle against p2p is lost with l7 detection from ipp2p,
l7 filter and others.
Why ?? It is a known fact that pattern matching does not work with full
encrypted P2P handshakes based on DHT key exchange algorithms with byte
padding. You have absolutely no byte pattern a
As you might have seen, these are words from ipp2p author:
"""
I have seen some pieces of code from ipoque which can detect encypted bittorrent
and edonkey traffic. Unforunately, this code will not work with
iptables, because it needs
more information about the flow history and the history of an
Hello ,
Tuesday, November 13, 2007, 5:09:32 PM, you wrote:
> Encrypted or not, I believe all traffic can be somewhat recognized by
> its usage pattern(s). However there may be more false positives. We
> may end up recognizing what we know as good and putting the rest at a
> lower class of serv
On 11/13/07 09:37, Carl-Daniel Hailfinger wrote:
Well, you can surely try. But then again, I have been doing research
(publication pending) in traffic-pattern-based detection of VoIP
flows and peer-to-peer connections. While it usually is easy to find
a pattern matching your particular traffic
On 13.11.2007 16:09, Grant Taylor wrote:
> On 11/11/07 19:51, sAwAr wrote:
>> Is there any way to recognize ( and then shape ) p2p traffic which is
>> encrypted? Modern p2p clients have this ability moreover some of
>> them have this enabled by default. Now I'm using ipp2p for iptables
>> but as
On 11/11/07 19:51, sAwAr wrote:
Is there any way to recognize ( and then shape ) p2p traffic which is
encrypted? Modern p2p clients have this ability moreover some of
them have this enabled by default. Now I'm using ipp2p for iptables
but as I know this doesn't recognize encrypted traffic.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> Hi
>
> I believe that whole question is in topic.
> Is there any way to recognize ( and then shape ) p2p traffic which is
> encrypted?
> Modern p2p clients have this ability moreover some of them have this enabled
> by default.
> Now I'm using
Rtorrent which I use sometimes have ability to completely disable plain text
communication :
man rtorrent
allow_incoming (allow incoming encrypted connections),
try_outgoing (use encryption for outgoing connections), require (disable
unencrypted handshakes), require_RC4 (also
Some clients P2P clients are nice about there encryption and negotiate
encryption ahead of time using plain communication. I.E. Limewire,
Azureus. However, some just start TLS and that is all you can see.
Looking at ipp2ps signatures, I don't see anything that leads me to
believe they trac
sAwAr wrote:
Hi
I believe that whole question is in topic.
Is there any way to recognize ( and then shape ) p2p traffic which is encrypted?
Modern p2p clients have this ability moreover some of them have this enabled by default.
Now I'm using ipp2p for iptables but as I know this doesn't reco
Hi
I believe that whole question is in topic.
Is there any way to recognize ( and then shape ) p2p traffic which is encrypted?
Modern p2p clients have this ability moreover some of them have this enabled by
default.
Now I'm using ipp2p for iptables but as I know this doesn't recognize encrypt
19 matches
Mail list logo