As you might have seen, these are words from ipp2p author: """ I have seen some pieces of code from ipoque which can detect encypted bittorrent and edonkey traffic. Unforunately, this code will not work with iptables, because it needs more information about the flow history and the history of an ip address. Right now, I do not have the time and the money to develop a filter like this, but if you are interested in a developement in this direction, please contact me. """ I *think* that we need something like a "bittorrent helper" in the kernel to keep this extra information about the flow history and then an iptables plugin to match. What do you think? Maybe we could contact him to know what kind of information is it? On Nov 12, 2007 9:17 AM, sawar <sawar@xxxxxxxxxx> wrote: > Rtorrent which I use sometimes have ability to completely disable plain text > communication : > > man rtorrent > allow_incoming (allow incoming encrypted connections), > try_outgoing (use encryption for outgoing connections), require (disable > unencrypted handshakes), require_RC4 (also disable plaintext > transmission after the initial encrypted handshake), enable_retry (if the > initial outgoing connection fails, retry with encryption turned on if it was > off or off if it was on), prefer_plain text (choose plaintext when peer > offers a choice between plaintext transmission and RC4 encryption, otherwise > RC4 will be used). > > and many other clients have similar abilities. > I'm afraid that full encrypted and enabled by default communication is only a > matter of time and we will lose this "fight" very soon. > > > > Some clients P2P clients are nice about there encryption and negotiate > > encryption ahead of time using plain communication. I.E. Limewire, > > Azureus. However, some just start TLS and that is all you can see. > > > > Looking at ipp2ps signatures, I don't see anything that leads me to > > believe they track that kind of info. > > > > > > > > David Bierce > > > > On Nov 11, 2007, at 9:48 PM, Mohan Sundaram wrote: > > > sAwAr wrote: > > >> Hi > > >> I believe that whole question is in topic. Is there any way to > > >> recognize ( and then shape ) p2p traffic which is encrypted? > > >> Modern p2p clients have this ability moreover some of them have > > >> this enabled by default. Now I'm using ipp2p for iptables but as I > > >> know this doesn't recognize encrypted traffic. > > >> Thanks in advance. > > >> Pozdrawiam > > >> Szymon Turkiewicz > > > > > > Have not tried this. An idea. P2P initiations are not encrypted > > > AFAIK. Thus connections can be marked and related traffic shaped. If > > > initiation is also encrypted, then I think we have a serious problem. > > > > > > Mohan > > > _______________________________________________ > > > LARTC mailing list > > > LARTC@xxxxxxxxxxxxxxx > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > _______________________________________________ > > LARTC mailing list > > LARTC@xxxxxxxxxxxxxxx > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > _______________________________________________ > LARTC mailing list > LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > -- Marco Casaroli SapucaiNet Telecom +55 35 34712377 ext. 5 _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
