From: Gordan Bobic <lartc@bobich.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] KaZZaa and connection sequences
Date: Tue, 13 May 2003 13:24:55 +0000 [thread overview]
Message-ID: <marc-lartc-105283267210428@msgid-missing> (raw)
In-Reply-To: <marc-lartc-105283048908146@msgid-missing>
Hi,
> I just red about layer-7 filtering, but i
> cant change my kernel right now, so i want to try as much as i can with
> packet filtering.. Anybody here?
I don't think you will be able to do anything about it without Layer-7
filtering. I think (and I may be wrong in this for the time being) that KaZaA
uses SSL, so reading the payload content is going to be impossible. However,
if there are servers running on port 80, you can see if it looks like a valit
HTTP request. If it doesn't you drop it, because it is probably some kind of
a P2P application using the port.
I don't know how good the current generation of P2P applications is at
masquerading as legitimate HTTP traffic. tcpdump will tell you more about
that.
Unfortunately, there are also likely to be servers out there that run on port
443 (HTTPS), which you probably cannot or don't want to block. And since that
is supposed to run over SSL, you are rather out of luck... Same goes for any
valid port used for SSL communication.
So, in conclusion, even Layer-7 filtering will not help you if/when the
communication is encrypted...
Regards.
Gordan
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2003-05-13 13:24 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-13 12:53 [LARTC] KaZZaa and connection sequences GoMi
2003-05-13 13:24 ` Greg Scott
2003-05-13 13:24 ` Gordan Bobic [this message]
2003-05-13 13:48 ` Ethan Sommer
2003-05-14 6:43 ` rio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-105283267210428@msgid-missing \
--to=lartc@bobich.net \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.