RE: [LARTC] Intelligent P2P detection

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>-----Original Message-----
>From: Dawid Kuroczko [mailto:qnex@xxxxxxxxxxxxxxxxxxxxxx]
>Sent: Wednesday, March 26, 2003 10:50 PM
>To: Robert Kryczało
>Cc: Luman; 'Kim Jensen'; lartc@xxxxxxxxxxxxxxx
>Subject: RE: [LARTC] Intelligent P2P detection
>


[...]
>
>A suggestion.  Something which works as more advanced "string" match.
>But instead of a string, we use a "pattern".  Say, something like this:
>
>-p tcp -m pattern --pattern "PORT %Sd, %Dd" --set ftpsession
>
>-p tcp -m pattern --get ftpsession -j MARK ...
>
>...first would look for pattern "PORT %d, %d", first being source
>port (hence: %S), second destination port (hence: %D) and if such
>pattern is found, it is added to a ftpsession list (similar to
>ipt_recent).
>
>Second searches the ftpsession list for such and such ports connection
>and if found it answers it's OK. :-)
>
>...pattern matching should accept \077 style "binary" strings, and
>should not be limited to ascii-decimal "%d" port numbers.  Also
>binary forms, in any order.  And even maybe IPs. :-)))  Simple
>yet powerful..
Yes, it could be. But I think, we need more, something like rule based
expert system, deciding on many factors. As the result, it takes a
decision, what is the content. 

>
>...[ so we code it, and some time passes and then we read announcement
>that KaZaA released new version which mimicks HTTP and uses strong
>cryptography to circumvent our module...  Hopefully it will not come
>to pass, but well... :-)

Even yes, I believe that we can find some pattern in that kind of
traffic, which helps us to determine that this is KaZaa, even it looks
like HTTP. This is what I tried to uncover in my previous mail.

Best regards,
Luman




[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux