From: Eliezer Croitoru <eliezer@ngtech.co.il>
To: Ed W <lists@wildgooses.com>
Cc: Andrew Beverley <andy@andybev.com>, netfilter@vger.kernel.org
Subject: Re: New/Updated L7 netfilter option - nDPI
Date: Sun, 28 Oct 2012 18:39:20 +0200 [thread overview]
Message-ID: <508D5FB8.1080000@ngtech.co.il> (raw)
In-Reply-To: <508D5EA6.8040004@wildgooses.com>
On 10/28/2012 6:34 PM, Ed W wrote:
> Actually, just to augment my last answer.
>
> The biggest thing I pick out as "interesting" in nDPI is that it has a
> go at inspecting SSL traffic and odd sub protocols of http (eg Skype,
> Windows Update). Given that we are rapidly seeing everything start to
> look like an HTTP protocol and then there is SSL on top, it's tricky to
> classify stuff like Skype or Facebook traffic. nDPI can do this
> (although would benefit from more work in this area). So if your SSL
> certificate says mail.google.com, then you can guess the "protocol" in
> use...
>
> So if you want a one trick reason to try nDPI, right now you can use it
> to block/prioritise/time-restrict Skype... (or Windows Update, etc)
>
> I have a load of users on expensive satellite connections and I need to
> help protect them from themselves so being able to prevent Windows
> Update from banging 10MB down a $30/MB connection is very helpful. I
> also use your squid patches to do sticky per user conntrack labelling of
> traffic and hence enabling users to choose a traffic profile (so they
> can choose to do the above if they really want to...)
>
> Cheers
>
> Ed W
Or just use WGET to download the internet into you LAN ;)
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
next prev parent reply other threads:[~2012-10-28 16:39 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-24 22:53 New/Updated L7 netfilter option - nDPI Ed W
2012-10-28 8:20 ` Andrew Beverley
2012-10-28 14:57 ` Eliezer Croitoru
2012-11-01 22:03 ` Andrew Beverley
2012-11-01 22:56 ` Ed W
2012-11-02 12:38 ` Lutfi ODUNCUOGLU
2012-11-02 13:40 ` Ed W
2012-11-06 14:13 ` [Ntop-dev] " Eliezer Croitoru
2012-11-04 15:45 ` Andrew Beverley
2012-10-28 16:34 ` Ed W
2012-10-28 16:39 ` Eliezer Croitoru [this message]
2012-10-28 15:07 ` Eliezer Croitoru
2012-10-28 16:03 ` Ed W
2012-10-28 16:51 ` Eliezer Croitoru
2012-10-28 16:57 ` Ed W
2012-10-28 17:57 ` Eliezer Croitoru
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=508D5FB8.1080000@ngtech.co.il \
--to=eliezer@ngtech.co.il \
--cc=andy@andybev.com \
--cc=lists@wildgooses.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.