----- Original Message -----
From: "Rogelio Serrano" <[EMAIL PROTECTED]>
To: "Philippine Linux Users' Group (PLUG) Technical Discussion List"
<[email protected]>
Sent: Thursday, April 06, 2006 11:11 AM
Subject: Re: [plug] Blocking GNUTELLA Nets

> there is no way you can stop p2p. when the packets are all encrypted
> then you are stumped.

not really... p2p programs are intelligent enough to circumvent firewalls
from layer 3 to 4... you have to use layer 7 filtering (content inspection)
to stop them by looking at their protocol fingerprints, signatures or
patterns because they hop from one tcp port to another tcp port and change
destination ip address based on the list of their successful connections
before and update other peers for those active ip addresses...

p2p makers realize that blockers are doing content inspection of data to
block their program and that is why encryption of data is their next
strategy... although it is hard to inspect encrypted data... you can still
block them... how? majority of firewalls are passive... it is time to be
active... one method that i can think of is to let the firewall probe the
source ip address by initiating a p2p connection to it... once connected...
then you can easily block its source ip address...

fooler.
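
The layer 7 filtering described in the reply above, as an added example that is not part of the original message: a classifier that matches plaintext Gnutella markers in the first payload bytes of a flow and ignores the port. The signature strings are assumed from the public Gnutella 0.4/0.6 protocol descriptions, the flows are constructed, and the last sample shows why an encrypted stream gives content inspection nothing to match.

```python
import re

# Plaintext markers at the start of a Gnutella stream. Assumed from the
# public 0.4/0.6 protocol descriptions, not taken from the message above.
SIGNATURES = [
    ("handshake-request", re.compile(rb"^GNUTELLA CONNECT/\d\.\d\r?\n")),
    ("handshake-reply", re.compile(rb"^GNUTELLA(/\d\.\d \d{3}| OK)")),
    ("download-request", re.compile(rb"^GET /(get/\d+/|uri-res/N2R\?urn:sha1:)")),
]

def classify(payload: bytes):
    """Return the name of the first matching signature, or None."""
    head = payload[:256]  # the markers sit at the very start of the stream
    for name, pattern in SIGNATURES:
        if pattern.match(head):
            return name
    return None

def flag_flows(flows):
    """flows: iterable of (src, dst, dport, first_payload).

    The destination port is carried along for reporting only; it plays no
    part in the decision, which is what defeats port hopping.
    """
    hits = []
    for src, dst, dport, payload in flows:
        label = classify(payload)
        if label:
            hits.append((src, dst, dport, label))
    return hits

# Constructed sample flows (documentation address ranges).
SAMPLE_FLOWS = [
    # Default-port handshake.
    ("10.0.0.5", "198.51.100.7", 6346, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: example\r\n\r\n"),
    # Same handshake moved to port 80: a port rule misses it, content does not.
    ("10.0.0.5", "203.0.113.9", 80, b"GNUTELLA CONNECT/0.6\r\n\r\n"),
    # Ordinary web request on port 80: must not be flagged.
    ("10.0.0.8", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    # Constructed stand-in for an encrypted stream: no plaintext marker to match.
    ("10.0.0.5", "203.0.113.20", 443, bytes.fromhex("17f3a09c5be2d4411a8877c0e6")),
]

if __name__ == "__main__":
    for hit in flag_flows(SAMPLE_FLOWS):
        print(hit)
```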