[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: KaZaA/Morpheus and other file sharing

On Sun, Oct 14, 2001 at 02:41:57PM +0200, Christian Wendt wrote:
> I think about the most "intelligent" way to filter all those out would
> be protocoll matching...
> with iptables it's possible to search packets for strings... (not in the
> kernel, needs patch-o-matic) (I'd advice to only search in SYN
> packets... could be CPU Hog)

I've never seen a SYN packet that contained data, and it was my understanding
that they generally (always?) do not. Correct me if I am mistaken.

Also, this will be defeated by encrypted protocols -- if users start to tunnel
through SSL, you don't get to see any of the protocol, and cannot perform

> This would need quite a bit of sniffing and/or protocol workout, but
> ought to be able to get all the peer-peer protocols without
> port-blocking
> (Gnutella seems to use "GNUTELLA CONNECT/0.4", e.g.)

That would work for existing protocols, but doesn't help vs. newer and more
cleverly hidden protocols. As soon as you start blocking in this manner,
P2P apps will adapt as needed.

> MFG,
> Christian Wendt

-- Adam Lydick

Reply to: