RE: [LARTC] Intelligent P2P detection

From: "Robert Kryczało" <robert.kryczalo@iscnet.pl>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] Intelligent P2P detection
Date: Thu, 27 Mar 2003 16:38:33 +0000	[thread overview]
Message-ID: <marc-lartc-104878331822715@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104857984213566@msgid-missing>

Hi,
> > > That sounds like an interesting idea, provided you have some real
> > > evidence of
> > > this being the case. And this will only work until P2P
> network software
> > > starts to randomly change packet sizes to obfuscate itself. :-(
> >
> > I was told that applications doing it exists. I haven't checked
> it, though.
>
> I haven't heard of an application that does it, but I have always felt
> reasonably sure that it has either already happened or is about to be
> implemented...
Hehe, I agree:)

>
> > > But, I guess we have to work with what we have now, and not worry
> > > about the
> > > future advancements before they happen. :-)
> >
> > Hehe... yes doing something instead of just talking is a good idea:)
>
> Well, for a little while, anyway, until the new version of the
> client comes
> out...
>
The war without end...

> > I think this e-mail is a nice summary. I enjoyed reading it. I could say
> > that I agree your opinions.
>
> Thank you. :-)
You are welcomed.
>
> > Maybe creating free alternatives to shaping software like those from
> > www.dyband.com is a way. People using it are very happy actually. They
> > adapt to network utilization, allow extensive logging, setting different
> > parameters like max bandwidth, ramps, minimum acceptable rate. The main
> > idea is to limit aggresive users and give maximum performance
> and quality
> > (latency, jitter throughput etc.) to standard users. It looks
> very well on
> > paper but I haven't tried dyband yet.... Maybe there is other
> software like
> > this I am not aware of.
>
> I haven't heard about any of them. I am a great believer in "home brewed"
> solutions. :-)
So am I.
>
> The problem you start getting there is that monitoring and
> shaping traffic on
> a 100 Mb pipe will take a huge amount of CPU power, and even that
> will only
> work if the traffic is not encrypted. The only way of attacking
> the problem I
> can think of is by actually attempting to connect to the client
> machine on
> the suspiciously used well known ports, and seeing if it works.
> If it doesn't
> work as expected, you know it's likely to be a P2P application.
>
> I am not sure if you really want to do that, though, as it
> involves active
> port scanning rather than just monitoring, and some of your customers may
> complain...
Well they will for sure in a scenario described by you. But I think you have
misunderstood me. Dyband don't do any scanning or content analyzing. It
works as a bridge modyfing data rate based on IP addresses. You can set up
complicated scheme of bandwidth sharing. You can even automaticaly limit
some "aggresive users" based on their usage. It happens on the fly and is
very "smooth" from client point of view. If a client doesn't use his
bandwidth for a while the limit raises (recharges). It allows ISP or
enterprise to FULLY (i mean nearly 100%) utilize their uplink. You don't do
provisioning:).

Maybe it is the only reasonable solution....

RK

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/