From: Ralf Staudemeyer <rstaudemeyer@uwc.ac.za>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] management of virus and p2p-traffic
Date: Tue, 22 Jun 2004 16:45:05 +0000 [thread overview]
Message-ID: <1087944327.2861.61.camel@turtle> (raw)
In-Reply-To: <1087839362.4786.0.camel@turtle>
On Tue, 2004-06-22 at 12:01, Ed Wildgoose wrote:
> Ralf Staudemeyer wrote:
>
> >On Tue, 2004-06-22 at 07:20, Ed Wildgoose wrote:
> >
> >
> >
> >>The other stuff is easily possible, but for the number of users that you
> >>have you are going to need to invest some time to write some scripts to
> >>handle mapping users to MAC addresses and make the whole thing
> >>maintainable. There was another post only hours ago from at least one
> >>other person who you might contact to see if they will share some stuff.
> >>
> >>
> >>
> >I wanted to avoid to do that MAC/IP-mapping. Some users have notebooks,
> >some will change their working place and some will buy new hardware they
> >want to connect to the network. This is not maintainable. Also I really
> >do not want to know want the users do with their bandwidth. I just want
> >to assure that things go fair and everyone can work with the network.
> >
> >
>
> Well, in that case your problem gets easy really easy. Just pick up one
> of the prioritisation scripts - I like this one:
>
> http://www.digriz.org.uk/jdg-qos-script/
>
> Then read the LARTC doc so you know what it's doing. At that should be you up and running.
>
> What you will be doing is just classifying traffic based on it's type and ignoring the source, etc completely.
>
It is not such easy since there is still the prioritisation problem.
There are user groups who should not use p2p-traffic (public accessible
machines for only surfing and email), some need some extra bandwidth
(mirrors, powerusers), some need low latency for their Voice-over-IP or
videoconferencing ... things like that. It is quite easy to group them
to five groups.
But I do not know how I should make sure that someone reconfigures the
IP of a public accessible machine to get some extra rights. I thought to
filter this with some transparent bridgewalls. But this makes it
impossible to move with a machine of a higher prioritisation a subnet of
lower prioritisation. The bridgewall will, and should, discard the
packages. Even if I would start collecting MAC addresses it would be
still quite easy to sniff the MAC/IP pair (isn´t it?).
The script looks very promising.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2004-06-22 16:45 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-21 17:36 [LARTC] management of virus and p2p-traffic Ralf Staudemeyer
2004-06-21 21:06 ` Ed Wildgoose
2004-06-22 4:59 ` Jason Boxman
2004-06-22 10:34 ` Ralf Staudemeyer
2004-06-22 11:20 ` Ed Wildgoose
2004-06-22 15:05 ` Ralf Staudemeyer
2004-06-22 16:01 ` Ed Wildgoose
2004-06-22 16:45 ` Ralf Staudemeyer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1087944327.2861.61.camel@turtle \
--to=rstaudemeyer@uwc.ac.za \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.