 From:  Justin Ellison <justin at techadvise dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Call for P2P Protocols
 Date:  Fri, 18 Jun 2004 13:31:16 -0500
On Fri, 2004-06-18 at 12:30, Jose Iadicicco wrote:
> Hey Justin! I am trying the Magic Shaper configuration on two Monowalls at the moment and it
> seems to run perfectly; still, I will test it for longer to assure you that it's working perfectly.

Good to hear!

> My doubt is what happens when new P2P programs with new P2P ports appear in the future? Will we
> need to add these new programs' ports to the mono to ensure the whole network can browse the internet?

First, it's *very* easy to add ports into the source code, so when new
p2p protocols emerge, we'll be right behind them.

Second, it's just *way* too hard to try and keep up with p2p, as users
can change their ports, tunnel it through proxies, etc.  What we do
instead is to classify what we do want as high priority (web, mail, ftp,
ssh, telnet, etc) and make sure that it overrides everything else.  This
way, no matter what port the p2p is on (unless it's port 25 and packets
are < 100 in size), it will never get priority over your outgoing mail.

Coming from the ISP world, there are a few boxen out there that will
detect p2p on any port (http://www.etinc.com).  My guess is that they do
this by inspecting the payload of every packet, and matching packets
against a list of signatures.  I have no idea if FreeBSD can do this
(iptables can under Linux), but my guess is that the soekris boxes that
a lot of us use would crumble trying to keep up - anyone else have
better input?


Justin
-- 
Justin Ellison <justin at techadvise dot com>
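
The two approaches discussed in the message above, as an added example that is not part of the original e-mail or of m0n0wall's code: a port allow-list that prioritizes wanted services, next to payload signature matching that still recognizes P2P when it sits on a prioritized port. The port numbers, function names and sample flows are assumptions made for illustration; the two signatures are the publicly documented BitTorrent and Gnutella handshake prefixes.

```python
"""Added example: port allow-list priority vs. payload signature matching."""

# Assumed ports for the services named in the message (web, mail, ftp, ssh, telnet).
HIGH_PRIORITY_PORTS = {80: "web", 25: "mail", 21: "ftp", 22: "ssh", 23: "telnet"}

# Publicly documented plaintext handshake prefixes; a real signature list is far longer.
P2P_SIGNATURES = {
    b"\x13BitTorrent protocol": "bittorrent",
    b"GNUTELLA CONNECT/": "gnutella",
}


def classify_by_port(dst_port):
    """Allow-list approach: only known-good ports get the high-priority queue."""
    return "high" if dst_port in HIGH_PRIORITY_PORTS else "default"


def match_signature(payload):
    """Return the P2P protocol whose handshake prefix starts the payload, else None."""
    for prefix, name in P2P_SIGNATURES.items():
        if payload.startswith(prefix):
            return name
    return None


def classify(dst_port, first_payload):
    """Port allow-list first, then demote flows whose first payload is a P2P handshake."""
    proto = match_signature(first_payload)
    if proto is not None:
        return "low", proto
    return classify_by_port(dst_port), HIGH_PRIORITY_PORTS.get(dst_port, "unknown")


# Constructed sample flows: (destination port, first payload bytes of the flow).
SAMPLE_FLOWS = [
    (25, b"EHLO mail.example.org\r\n"),
    (6881, b"\x13BitTorrent protocol" + bytes(8)),
    (25, b"\x13BitTorrent protocol" + bytes(8)),  # P2P moved onto the mail port
    (80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    (4444, b"\x00\x01opaque"),  # unrecognized traffic stays in the default queue
]


def compare(flows):
    """Return (port, port_only_queue, port_plus_signature_queue, label) per flow."""
    return [(p, classify_by_port(p), *classify(p, data)) for p, data in flows]


if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print(row)
```

Signature matching has to read payload bytes, which is the per-packet cost the message worries about on small hardware; this example limits it to the first payload of each flow.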