--On 11 October 2005 17:15 +0200, David Elze wrote:
Apart from blocking ports I just see two possibilities:
[..]
You might investigate how many source states users would normally use for permitted protocols, how many states are involved with non-permitted use, and (ab?)use max-src-states with an overload table to try and contain the problem. Expect both false positives and false negatives. beck@ recently suggested using overload tables in conjunction with a http redirector to a website saying "you've been {evil|stupid}" <paraphrasing :)> which may be appropriate depending on your client base...
- slow connections down very hard on well known p2p-ports, so the p2p-clients can connect but don't get speed at all (still, other dynamic ports could be used)
that's not a bad idea, but over time I'd not be surprised to see software to test speeds on different ports in an attempt to circumvent this type of thing.
Some other ideas involve proxies - either block everything except to trusted proxies, or permit other traffic but heavily throttle it.
