* Re: [LARTC] ipp2p don't block Ares
2006-02-23 12:26 [LARTC] ipp2p don't block Ares Roberto Pereyra
@ 2006-02-23 13:28 ` ro0ot
2006-02-23 14:12 ` Andreas Klauer
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: ro0ot @ 2006-02-23 13:28 UTC (permalink / raw)
To: lartc
Hi,
Did you try using L7-filter to block Ares?
http://l7-filter.sourceforge.net/protocols
Regards,
ro0ot
Roberto Pereyra wrote:
> HI
>
> I have a bridge running ipp2p blocking Ares traffic and others protocols.
>
> This bridge works fine buts since two weeks can't block Ares traffic.
> All protocols block fine but Ares not (upload and download).
>
> Somebody are using ipp2p blocking the latest Ares version ?
>
> My system settings are:
>
> kernel : 2.6.13
> iptables: 1.3.3
> ipp2p: 0.81 rc1
>
> iptables -L -v output:
>
> Chain FORWARD (policy ACCEPT 53M packets, 22G bytes)
> pkts bytes target prot opt in out source destination
> 2321K 194M DROP all -- any any anywhere anywhere ipp2p
>
>
> v0.8.1_rc1 --kazaa --gnu --edk --dc --bit --apple --soul --winmx --ares --mute --waste --xdcc
>
> Thanks for any help.
>
> roberto
>
>
> --
> Ing. Roberto Pereyra
> ContenidosOnline
> Servidores BSD, Solaris y Linux
> Soporte técnico ISPs
> Jabber ID: rpereyra@lugmen.org.ar <mailto:rpereyra@lugmen.org.ar>
>
> For reliable and professional DNS, use DNS Made Easy!
> http://www.dnsmadeeasy.com/u/14989
> ------------------------------------------------------------------------
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [LARTC] ipp2p don't block Ares
2006-02-23 12:26 [LARTC] ipp2p don't block Ares Roberto Pereyra
2006-02-23 13:28 ` ro0ot
@ 2006-02-23 14:12 ` Andreas Klauer
2006-02-26 19:53 ` Klaus
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Andreas Klauer @ 2006-02-23 14:12 UTC (permalink / raw)
To: lartc
On Thu, Feb 23, 2006 at 09:26:48AM -0300, Roberto Pereyra wrote:
> This bridge works fine buts since two weeks can't block Ares traffic. All
> protocols block fine but Ares not (upload and download).
>
> Somebody are using ipp2p blocking the latest Ares version ?
Did you already contact the author about this? If the Ares protocol changed,
you've practically got a new protocol there, which requires it's own pattern
for matching. If you can provide details about the new protocol (by dumping
Ares packets or something) and help with testing, it should be not that hard
to fix, provided the new protocol isn't something nasty.
In case of a protocol change, other projects (like l7-filter) should suffer
from this problem too. Maybe it'd be a good idea to test them and inform
the authors as well.
Regards
Andreas Klauer
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [LARTC] ipp2p don't block Ares
2006-02-23 12:26 [LARTC] ipp2p don't block Ares Roberto Pereyra
2006-02-23 13:28 ` ro0ot
2006-02-23 14:12 ` Andreas Klauer
@ 2006-02-26 19:53 ` Klaus
2006-02-27 13:08 ` Roberto Pereyra
2006-02-27 13:08 ` Roberto Pereyra
4 siblings, 0 replies; 6+ messages in thread
From: Klaus @ 2006-02-26 19:53 UTC (permalink / raw)
To: lartc
Hi,
Andreas Klauer wrote:
> On Thu, Feb 23, 2006 at 09:26:48AM -0300, Roberto Pereyra wrote:
>
>>This bridge works fine buts since two weeks can't block Ares traffic. All
>>protocols block fine but Ares not (upload and download).
>>
>>Somebody are using ipp2p blocking the latest Ares version ?
>
>
> Did you already contact the author about this? If the Ares protocol changed,
> you've practically got a new protocol there, which requires it's own pattern
> for matching. If you can provide details about the new protocol (by dumping
> Ares packets or something) and help with testing, it should be not that hard
> to fix, provided the new protocol isn't something nasty.
Ares is a proprietary protocol and they change their signatures (even
the login signatures) with every new version.
AFAIK ipp2p should block the newest version of ares (at least the
login). Traffic shaping does not work at the moment, because ares
encrypts the data connections with an unknown method and without any
good signatures. I will check the newest version of ares this week and
update the ares pattern if needed.
My real job keeps me very busy at the moment (and I have been ill for
three weeks now), but I will try to bring out a new version of ipp2p
with some bug fixes very soon.
Klaus,
maintainer of ipp2p
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 6+ messages in thread
* [LARTC] ipp2p don't block Ares
2006-02-23 12:26 [LARTC] ipp2p don't block Ares Roberto Pereyra
` (2 preceding siblings ...)
2006-02-26 19:53 ` Klaus
@ 2006-02-27 13:08 ` Roberto Pereyra
2006-02-27 13:08 ` Roberto Pereyra
4 siblings, 0 replies; 6+ messages in thread
From: Roberto Pereyra @ 2006-02-27 13:08 UTC (permalink / raw)
To: lartc
[-- Attachment #1.1: Type: text/plain, Size: 2424 bytes --]
Hi Klaus
>AFAIK ipp2p should block the newest version of ares (at least the
>login).
Yes, ipp2p block latest version Ares login (looks connecting ...) but
without connecting upload and download files.
I have the same bridge setup and some weeks back the blocking worked well.
How I can help you ?
roberto
2006/2/26, Klaus <klaus@ipp2p.org>:
>
> Hi,
>
>
> Andreas Klauer wrote:
> > On Thu, Feb 23, 2006 at 09:26:48AM -0300, Roberto Pereyra wrote:
> >
> >>This bridge works fine buts since two weeks can't block Ares traffic.
> All
> >>protocols block fine but Ares not (upload and download).
> >>
> >>Somebody are using ipp2p blocking the latest Ares version ?
> >
> >
> > Did you already contact the author about this? If the Ares protocol
> changed,
> > you've practically got a new protocol there, which requires it's own
> pattern
> > for matching. If you can provide details about the new protocol (by
> dumping
> > Ares packets or something) and help with testing, it should be not that
> hard
> > to fix, provided the new protocol isn't something nasty.
>
> Ares is a proprietary protocol and they change their signatures (even
> the login signatures) with every new version.
>
> AFAIK ipp2p should block the newest version of ares (at least the
> login). Traffic shaping does not work at the moment, because ares
> encrypts the data connections with an unknown method and without any
> good signatures. I will check the newest version of ares this week and
> update the ares pattern if needed.
>
> My real job keeps me very busy at the moment (and I have been ill for
> three weeks now), but I will try to bring out a new version of ipp2p
> with some bug fixes very soon.
>
> Klaus,
> maintainer of ipp2p
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
--
Ing. Roberto Pereyra
ContenidosOnline
Servidores BSD, Solaris y Linux
Soporte técnico ISPs
Jabber ID: rpereyra@lugmen.org.ar
For reliable and professional DNS, use DNS Made Easy!
http://www.dnsmadeeasy.com/u/14989
--
Ing. Roberto Pereyra
ContenidosOnline
Servidores BSD, Solaris y Linux
Soporte técnico ISPs
Jabber ID: rpereyra@lugmen.org.ar
For reliable and professional DNS, use DNS Made Easy!
http://www.dnsmadeeasy.com/u/14989
[-- Attachment #1.2: Type: text/html, Size: 3807 bytes --]
[-- Attachment #2: Type: text/plain, Size: 143 bytes --]
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [LARTC] ipp2p don't block Ares
2006-02-23 12:26 [LARTC] ipp2p don't block Ares Roberto Pereyra
` (3 preceding siblings ...)
2006-02-27 13:08 ` Roberto Pereyra
@ 2006-02-27 13:08 ` Roberto Pereyra
4 siblings, 0 replies; 6+ messages in thread
From: Roberto Pereyra @ 2006-02-27 13:08 UTC (permalink / raw)
To: lartc
[-- Attachment #1.1: Type: text/plain, Size: 2893 bytes --]
2006/2/27, Roberto Pereyra <pereyra.roberto@gmail.com>:
>
>
>
> Hi Klaus
>
> >AFAIK ipp2p should block the newest version of ares (at least the
> >login).
>
> Yes, ipp2p block latest version Ares login (looks connecting ...) but
> without connecting upload and download files.
>
> I have the same bridge setup and some weeks back the blocking worked well.
>
> How I can help you ?
>
> roberto
>
>
>
>
> 2006/2/26, Klaus <klaus@ipp2p.org>:
> >
> > Hi,
> >
> >
> > Andreas Klauer wrote:
> > > On Thu, Feb 23, 2006 at 09:26:48AM -0300, Roberto Pereyra wrote:
> > >
> > >>This bridge works fine buts since two weeks can't block Ares traffic.
> > All
> > >>protocols block fine but Ares not (upload and download).
> > >>
> > >>Somebody are using ipp2p blocking the latest Ares version ?
> > >
> > >
> > > Did you already contact the author about this? If the Ares protocol
> > changed,
> > > you've practically got a new protocol there, which requires it's own
> > pattern
> > > for matching. If you can provide details about the new protocol (by
> > dumping
> > > Ares packets or something) and help with testing, it should be not
> > that hard
> > > to fix, provided the new protocol isn't something nasty.
> >
> > Ares is a proprietary protocol and they change their signatures (even
> > the login signatures) with every new version.
> >
> > AFAIK ipp2p should block the newest version of ares (at least the
> > login). Traffic shaping does not work at the moment, because ares
> > encrypts the data connections with an unknown method and without any
> > good signatures. I will check the newest version of ares this week and
> > update the ares pattern if needed.
> >
> > My real job keeps me very busy at the moment (and I have been ill for
> > three weeks now), but I will try to bring out a new version of ipp2p
> > with some bug fixes very soon.
> >
> > Klaus,
> > maintainer of ipp2p
> > _______________________________________________
> > LARTC mailing list
> > LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >
>
>
>
> --
> Ing. Roberto Pereyra
> ContenidosOnline
> Servidores BSD, Solaris y Linux
> Soporte técnico ISPs
> Jabber ID: rpereyra@lugmen.org.ar
>
> For reliable and professional DNS, use DNS Made Easy!
> http://www.dnsmadeeasy.com/u/14989
>
>
> --
> Ing. Roberto Pereyra
> ContenidosOnline
> Servidores BSD, Solaris y Linux
> Soporte técnico ISPs
> Jabber ID: rpereyra@lugmen.org.ar
>
> For reliable and professional DNS, use DNS Made Easy!
> http://www.dnsmadeeasy.com/u/14989
>
--
Ing. Roberto Pereyra
ContenidosOnline
Servidores BSD, Solaris y Linux
Soporte técnico ISPs
Jabber ID: rpereyra@lugmen.org.ar
For reliable and professional DNS, use DNS Made Easy!
http://www.dnsmadeeasy.com/u/14989
[-- Attachment #1.2: Type: text/html, Size: 4676 bytes --]
[-- Attachment #2: Type: text/plain, Size: 143 bytes --]
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 6+ messages in thread