From mboxrd@z Thu Jan 1 00:00:00 1970 From: Grant Taylor Date: Tue, 13 Nov 2007 15:09:32 +0000 Subject: Re: [LARTC] How to fight with encrypted p2p Message-Id: <4739BE2C.1020708@riverviewtech.net> List-Id: References: <20071112015107.4ECBBEB2BB@f05.poczta.interia.pl> In-Reply-To: <20071112015107.4ECBBEB2BB@f05.poczta.interia.pl> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org On 11/11/07 19:51, sAwAr wrote: > Is there any way to recognize ( and then shape ) p2p traffic which is > encrypted? Modern p2p clients have this ability moreover some of > them have this enabled by default. Now I'm using ipp2p for iptables > but as I know this doesn't recognize encrypted traffic. Does this mean that we are down to handling traffic based on the sustained stream(s)? I.e. how long the streams have been active, how many packets per second, how many streams a given end point has, speed of traffic, average size of packets? Encrypted or not, I believe all traffic can be somewhat recognized by its usage pattern(s). However there may be more false positives. We may end up recognizing what we know as good and putting the rest at a lower class of service. Thought's / comments / objections / flame wars? Grant. . . . _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc