Hi, > -----Original Message----- > From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx]On > Behalf Of Gordan Bobic > Sent: Thursday, March 27, 2003 11:17 AM > To: lartc@xxxxxxxxxxxxxxx > Subject: Re: [LARTC] Intelligent P2P detection > > Unfortunately, it gets progressively more difficult when P2P > clients learn to > masquerade as the real protocols, and there is at least one P2P > application > out there that can operate over SMTP, sending valid requests. :-( > The everlasting battle between creators of swords and shields:) If p2p apps start to mimick as other protocols and use encription then content based classificators are of no use. > I hope you are prepared to accept that eventually it all comes down to a > battle of wills between the sysadmins writing filters and the P2P > developers > finding more ways to outsmart the filters. Correct. Anyway there are some other solutions. > That sounds like an interesting idea, provided you have some real > evidence of > this being the case. And this will only work until P2P network software > starts to randomly change packet sizes to obfuscate itself. :-( I was told that applications doing it exists. I haven't checked it, though. > > But, I guess we have to work with what we have now, and not worry > about the > future advancements before they happen. :-) Hehe... yes doing something instead of just talking is a good idea:) > > I hope you will all forgive me for being... restrained (for want of better > word) in my expectations of the success of such network traffic > analysis. It > is a depressing subject to talk about. :-( I think this e-mail is a nice summary. I enjoyed reading it. I could say that I agree your opinions. > > I cannot help but think that this is also starting to get > slightly off-topic > for this mailing list... I think opposite:) Maybe creating free alternatives to shaping software like those from www.dyband.com is a way. People using it are very happy actually. They adapt to network utilization, allow extensive logging, setting different parameters like max bandwidth, ramps, minimum acceptable rate. The main idea is to limit aggresive users and give maximum performance and quality (latency, jitter throughput etc.) to standard users. It looks very well on paper but I haven't tried dyband yet.... Maybe there is other software like this I am not aware of. RK
