I would look at a commercial web filtering product like Smartfilter and then run this on top of Squid, all inside your firewall/router/traffic shaping box. And then use Smartfilter to restrict downloads of any MP3 or other stuff like that. The Smartfilter subscription should keep up with the rapidly moving IP addresses of these things and then you can set filtering policies at an application level. IMHO it's a losing battle to set application filtering policies at the packet level.

- Greg Scott

-----Original Message-----
From: GoMi [mailto:gomiuk@xxxxxxxxxxx]
Sent: Tuesday, May 13, 2003 7:54 AM
To: lartc@xxxxxxxxxxxxxxx
Subject: [LARTC] KaZZaa and connection sequences

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

I am having big trouble with traffic shaping and KaZZa; for some reason, it seems to collapse the whole system. I have a firewall to stop users using p2p programs during day-time, and then it's totally free for them to access anywhere during night-time.

First problem... KaZZa

During day-time, there are KaZZa servers accepting connections on port 80, and because I can't filter that port, my users can download. I have tried to study the sequence of KaZZa programs using tcpdump, but I got no conclusions. Does anybody know how to distinguish between HTTP connections and KaZZa?

Second problem... KaZZa (hehehe)

During night-time, I register lots of ACK packets due to KaZZa programs. Anybody in the same situation? I just read about layer-7 filtering, but I can't change my kernel right now, so I want to try as much as I can with packet filtering.

Anybody here?

Thank you,
GoMi

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPsDqz37diNnrrZKsEQKkTwCeMuH0YpDT7Qxg6XMdycivAYUqgM4AniF0
fo6yBE3P1OqqZrKHt5t7fxaf
=Z00o
-----END PGP SIGNATURE-----