From: Scott Lamb <slamb@slamb.org>
To: netfilter@lists.netfilter.org
Subject: Re: how to block kazaa ?
Date: Tue, 25 Feb 2003 23:28:23 -0600 [thread overview]
Message-ID: <3E5C5077.9020905@slamb.org> (raw)
In-Reply-To: <200302252242.25175.netfilter@newkirk.us>
Joel Newkirk wrote:
> But newer implementations apparently support port-hopping, so it seems
> that the only confirmed way to stop it with iptables is with the STRING
> match from patch-o-matic, and block anything with the string "kazaa"
> (don't recall case requirements) in it. Compiling a custom
> kazaa-blocking kernel may be more than you want to do, though.
This strikes me as a pretty bad idea; it'll block more than just kazaa
packets. For one thing, it would block a description of how to implement
the block, unless it were obfuscated to get past itself, which seems
silly to me. And maybe people talking about kazaa also. And even random
binary sequences aren't that unlikely to have problems. The odds of a
given seven random bytes matching are only 1/2^(5*8)=1/2^40. But if you
transfer 1GB/day, multiply that by (2^30)/5. Then you're talking about
odds of 5 in 1024 that you'll have at least one random packet blocked
per day. I predict emails, compressed files, etc. that won't transfer
for no apparently reason because part of it consistently won't transfer.
> Also, if the primary bottleneck is outbound, you might find that using
> the mangle table in prerouting to set TOS for certain desirable traffic
> and enacting pfifo queuing discipline will help a great deal - IE change
> TOS to a favorable value (0x10 perhaps) for specific traffic like HTTP
> SMTP POP3 IMAP or any VNC or such and then setting TOS to a 'bulk
> traffic' value (0x02 for example) for the remainder, or for the P2P
> traffic if it is identifiable. The pfifo qdisc will always send the
> 0x10 traffic, and send 0x02 only if there is nothing else waiting to be
> sent.
I like this much more. It solves the real problem of bandwidth usage
while still allowing them to do it. And I'll guess that the port hopping
only moves on if it doesn't work, not if it has a less favorable TOS
value. So it will stay on the easily-identifiable ports. Or like you
said, you could increase the TOS for packets you're sure aren't P2P
stuff if that doesn't work out.
Scott
next prev parent reply other threads:[~2003-02-26 5:28 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-26 2:44 how to block kazaa ? inghau
2003-02-26 3:42 ` Joel Newkirk
2003-02-26 5:07 ` Nimit Gupta
2003-02-26 7:00 ` Joel Newkirk
2003-02-26 7:21 ` hare ram
2003-02-26 5:28 ` Scott Lamb [this message]
2003-02-26 4:20 ` Arnt Karlsen
-- strict thread matches above, loose matches on Subject: below --
2003-02-26 6:07 Joel Newkirk
2003-02-26 6:41 lawrence Of Arabia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3E5C5077.9020905@slamb.org \
--to=slamb@slamb.org \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox