All of lore.kernel.org
 help / color / mirror / Atom feed
From: Gordan Bobic <lartc@bobich.net>
To: lartc@vger.kernel.org
Subject: Fwd: Re: [LARTC] Intelligent P2P detection
Date: Tue, 25 Mar 2003 17:59:44 +0000	[thread overview]
Message-ID: <marc-lartc-104861548224692@msgid-missing> (raw)

On Tuesday 25 Mar 2003 08:08, Luman wrote:

[detecting P2P]

I am not sure, but you could potentially use tcpdump (patched if necessary)
 to monitor trafic. You could try to detect where there are lots of incoming
 requests to nodes on specific ports, the analyze those shortlisted packets,
 and if it is P2P, you could then bounce them. If you leep good logs of what
 you find, you could try to detect when the port floats away and re-configure
 your filters. You could also use port scanning to see if it is a genuine
 idle period or if the port has genuinely moved.

I hope your router is fairly heavyweight, as you will need a lot of power to
process and analyze packets in anything near real-time. Alternatively, you
could cheat. :-)

You could specify that traffic on certain well known ports (ssh, http(s),
 ftp, smtp, pop3(s), imap(s)) goes over the good link. You could then
 periodically check this traffic to make sure it is not masqueraded P2P.
 Everything else, you can divert over the cheap link and/or lower it's
 priority.

Effectively, you can white-list traffic, instead of black-listing it.

Good luck.

Gordan

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

                 reply	other threads:[~2003-03-25 17:59 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=marc-lartc-104861548224692@msgid-missing \
    --to=lartc@bobich.net \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.