On Tue, 25 Mar 2003, Robert Kryczało wrote:

> >Yes, if there isn't any proper tool already, the conntrack could be a
> >good template for the beginning.
> Some nice features to think about:
> - ability to mark different p2p software (kazaa, dc, e-mule, WinMX etc.)
> - ability to mark new connections
> - ability to limit sessions (through -m limit).

A suggestion. Something which works as a more advanced "string" match. But
instead of a string, we use a "pattern". Say, something like this:

  -p tcp -m pattern --pattern "PORT %Sd, %Dd" --set ftpsession
  -p tcp -m pattern --get ftpsession -j MARK ...

...the first would look for the pattern "PORT %d, %d", the first being the
source port (hence: %S), the second the destination port (hence: %D), and if
such a pattern is found, it is added to a ftpsession list (similar to
ipt_recent). The second searches the ftpsession list for such-and-such ports'
connection and if found it answers it's OK. :-)

...pattern matching should accept \077 style "binary" strings, and should not
be limited to ascii-decimal "%d" port numbers. Also binary forms, in any
order. And even maybe IPs. :-)))

Simple yet powerful...

...[ so we code it, and some time passes, and then we read the announcement
that KaZaA released a new version which mimics HTTP and uses strong
cryptography to circumvent our module... Hopefully it will not come to pass,
but well... :-)

Regards,
Dawid

--
http://www.muppetlabs.com/~breadbox/bf/
+++++[>++++++<-]>++[>+>++>+++>++++<<<<-]>>++++.>+.>---------.<++++++++.--
---.<<.>+++++++.>>--.---.---.<-.>+++++++++++.<++++++++.++++.>>++++++++++.
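The "pattern" match sketched in the message above, modelled in user space as an added example. This is not code from the message, from its author, or from the netfilter project: `compile_pattern`, `extract_ports`, `SessionList`, the `Packet` tuple and all traffic are constructed here for illustration. The message specifies `%Sd`/`%Dd` (ASCII-decimal source/destination port) and `\NNN` octal escapes; the `%Sb`/`%Db` two-byte binary port placeholders and the rule that `--get` matches a recorded 4-tuple in either direction are assumptions standing in for the "binary forms" and ipt_recent-style list the message only gestures at.

```python
import re
from collections import namedtuple

# A minimal packet view: what the match would see, modelled as a tuple
# (example code; not the netfilter structures).
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port payload")

# Placeholders: %Sd / %Dd are the ASCII-decimal source / destination port the
# message proposes.  %Sb / %Db (two-byte big-endian binary port) is an assumed
# spelling for the "binary forms" the message asks for.
_FIELDS = {
    "%Sd": (rb"(\d{1,5})", lambda raw: int(raw)),
    "%Dd": (rb"(\d{1,5})", lambda raw: int(raw)),
    "%Sb": (rb"(.{2})", lambda raw: int.from_bytes(raw, "big")),
    "%Db": (rb"(.{2})", lambda raw: int.from_bytes(raw, "big")),
}

def compile_pattern(pattern):
    """Translate a --pattern string into (compiled bytes regex, field list).

    Anything other than a placeholder or a \\NNN octal escape is a literal
    byte, so "PORT %Sd, %Dd" and "\\001%Sb%Db\\002" both compile.
    """
    parts, fields, i = [], [], 0
    while i < len(pattern):
        tok = pattern[i:i + 3]
        if tok in _FIELDS:
            parts.append(_FIELDS[tok][0])
            fields.append(tok)
            i += 3
        elif pattern[i] == "\\":
            j = i + 1
            while j < len(pattern) and j < i + 4 and pattern[j] in "01234567":
                j += 1
            if j == i + 1:
                raise ValueError("bad octal escape at offset %d" % i)
            value = int(pattern[i + 1:j], 8)
            if value > 0xFF:
                raise ValueError("octal escape %s exceeds one byte" % pattern[i:j])
            parts.append(re.escape(bytes([value])))
            i = j
        else:
            parts.append(re.escape(pattern[i].encode("latin-1")))
            i += 1
    return re.compile(b"".join(parts), re.DOTALL), fields

def extract_ports(rule, payload):
    """Return (src_port, dst_port) announced in payload, or None when the
    pattern does not match or a port is out of range.  A field the pattern
    does not mention comes back as None."""
    regex, fields = rule
    m = regex.search(payload)
    if m is None:
        return None
    found = {}
    for tok, raw in zip(fields, m.groups()):
        port = _FIELDS[tok][1](raw)
        if not 0 < port <= 65535:
            return None
        found[tok[1]] = port          # "S" or "D"
    return found.get("S"), found.get("D")

class SessionList:
    """ipt_recent-style table of announced connections (--set / --get)."""

    def __init__(self):
        self.entries = set()

    def set(self, rule, pkt):
        """--set: if the payload matches, remember the announced ports with the
        IPs of the packet that announced them (assumption: the announced
        connection runs between the same two hosts)."""
        ports = extract_ports(rule, pkt.payload)
        if ports is None:
            return False
        sport, dport = ports
        self.entries.add((pkt.src_ip, sport, pkt.dst_ip, dport))
        return True

    def get(self, pkt):
        """--get: is this packet's 4-tuple in the list, in either direction?
        (The announced connection may be opened by the peer.)"""
        fwd = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        rev = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return fwd in self.entries or rev in self.entries

def run_demo():
    """Constructed traffic: a PORT-style announcement, the connection it
    permits, an unrelated connection, and a binary-framed announcement."""
    ascii_rule = compile_pattern("PORT %Sd, %Dd")
    binary_rule = compile_pattern("\\001%Sb%Db\\002")
    ftpsession = SessionList()

    control = Packet("10.0.0.5", 43210, "10.0.0.9", 21, b"PORT 40001, 20\r\n")
    data = Packet("10.0.0.9", 20, "10.0.0.5", 40001, b"")
    stray = Packet("10.0.0.9", 20, "10.0.0.5", 40002, b"")
    framed = Packet("10.0.0.7", 5000, "10.0.0.9", 5001,
                    b"\x01\x13\x88\x27\x10\x02")   # announces ports 5000, 10000
    framed_data = Packet("10.0.0.7", 5000, "10.0.0.9", 10000, b"")

    results = []
    ftpsession.set(ascii_rule, control)          # rule 1: --set ftpsession
    results.append(ftpsession.get(data))         # rule 2: --get ftpsession
    results.append(ftpsession.get(stray))        # never announced
    ftpsession.set(binary_rule, framed)
    results.append(ftpsession.get(framed_data))
    return results

if __name__ == "__main__":
    print(run_demo())
```

The port range check in `extract_ports` is the caveat a real match would need: `\d{1,5}` happily captures "70000", and a list entry with an impossible port is a wasted slot that an attacker could fill at will. The in-kernel version would also need a bound on the list size and an entry timeout, as ipt_recent has, since every matching payload otherwise adds a permanent entry.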