Hello,
> = Supposedly, Gnutella traffic has no particular definitive signature nor
port
> assignments. Is this true?
No, completely Gnutella makes a normal TCP connect to an other station, it's
not different to
other TCP connections, but the it sends the string "GNUTELLA CONNECT/0.4"
and it wants this string back "GNUTELLA OK".
The port Gnutella runs on is just a config thing. User can change it at any
time.
Another bad thing is, that with any connect to another Gnutella host, a list
with gnutella hosts
and the ports they run on, is transmitted. So just blocking ports is not the
way. You got one connect
on a free port and you got em all ..
btw. If you in use FW-1 services with resources like http with some sort of
script stripping, gnutella can
not connect through this port! (if it's just http without resource, gnutella
can use it !)
The gnutella hostlist is also available on the gnutella homepage
http://gnutella.org
maybe blocking this is not so bad at all !
> An ounce of strategy is worth many pounds of tactics. I like to foment a
wide-
> ranging discussion here about what the wider ramifications are, how we all
see
> Gnutella's opportunities and hazards and how we are going to live with it.
> How do we even monitor it, much less throttle it?
>
Monitoring is difficult. Well if you got a host in your net wich is having
much
connections to other hosts >10 (and it is not a server :) ) and this host is
making lots of
traffic, you probably got one.
If you can sniff the traffic of that host. gnutella traffic is recognizable
(you will see many
mp3 things and other stuff!!).
Cu,
Oliver Kuhl
Medizinische Informatik RWTH Aachen
DV-Medizin - Netzwerkmanagment
Tel.: (0241)80-89598
---------------------------------------------------------------
"Being a UNIX Administrator is like being a Navy SEAL: a small,
elite group of people with access to the most sophisticated
technology in the world, who everyone calls on to get the really
tough jobs done quickly and efficiently."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
