Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
I thought MT went to great lengths to hide the fact that they are a Linux box with a fancy interface 2009/10/12 Scott Carullo sc...@brevardwireless.com: Yeah cut and paste Scott Carullo Brevard Wireless 321-205-1100 x102 Original Message From: Jeremy Parr jeremyp...@gmail.com Sent: Sunday, October 11, 2009 11:14 PM To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] Layer 7 patterns for P2P and viruses / malware 2009/10/11 Butch Evans but...@butchevans.com: On Sun, 2009-10-11 at 20:54 -0400, Nick Olsen wrote: In my testing most of those don't work, or there isn't one for what i want to do. Only one I currently use in production is the Skype-to-skype L7 for marking skype voip for QOS The L7 filters at sourceforge (http://l7-filter.sourceforge.net/protocols) are accurate and work fine for the most part. I have, yet, to run into one that doesn't. I have to say that my testing has been a little limited, however. I have played with the skype filters and they certainly do work well. To be honest, I've not played with the L7 filters much because it is not often that they are needed. Is there a tool that can import these to a MT box? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
Many portions of MT is not Linux though. --- Dennis Burgess, CCNA, A+, Mikrotik Certified Trainer WISPA Board Member - wispa.org Link Technologies, Inc -- Mikrotik WISP Support Services WISPA Vendor Member Office: 314-735-0270 Website: http://www.linktechs.net LIVE On-Line Mikrotik Training Author of Learn RouterOS -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jeremy Parr Sent: Monday, October 12, 2009 9:42 AM To: sc...@brevardwireless.com; WISPA General List Subject: Re: [WISPA] Layer 7 patterns for P2P and viruses / malware I thought MT went to great lengths to hide the fact that they are a Linux box with a fancy interface 2009/10/12 Scott Carullo sc...@brevardwireless.com: Yeah cut and paste Scott Carullo Brevard Wireless 321-205-1100 x102 Original Message From: Jeremy Parr jeremyp...@gmail.com Sent: Sunday, October 11, 2009 11:14 PM To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] Layer 7 patterns for P2P and viruses / malware 2009/10/11 Butch Evans but...@butchevans.com: On Sun, 2009-10-11 at 20:54 -0400, Nick Olsen wrote: In my testing most of those don't work, or there isn't one for what i want to do. Only one I currently use in production is the Skype-to-skype L7 for marking skype voip for QOS The L7 filters at sourceforge (http://l7-filter.sourceforge.net/protocols) are accurate and work fine for the most part. I have, yet, to run into one that doesn't. I have to say that my testing has been a little limited, however. I have played with the skype filters and they certainly do work well. To be honest, I've not played with the L7 filters much because it is not often that they are needed. Is there a tool that can import these to a MT box? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
It sounds like you have never looked at this in the interface before... Cut from website the regex string you want to match... Paste in MT GUI Then use appropriately Scott Carullo Brevard Wireless (321) 205-1100 x102 On Oct 12, 2009, at 10:41 AM, Jeremy Parr jeremyp...@gmail.com wrote: I thought MT went to great lengths to hide the fact that they are a Linux box with a fancy interface 2009/10/12 Scott Carullo sc...@brevardwireless.com: Yeah cut and paste Scott Carullo Brevard Wireless 321-205-1100 x102 Original Message From: Jeremy Parr jeremyp...@gmail.com Sent: Sunday, October 11, 2009 11:14 PM To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] Layer 7 patterns for P2P and viruses / malware 2009/10/11 Butch Evans but...@butchevans.com: On Sun, 2009-10-11 at 20:54 -0400, Nick Olsen wrote: In my testing most of those don't work, or there isn't one for what i want to do. Only one I currently use in production is the Skype-to-skype L7 for marking skype voip for QOS The L7 filters at sourceforge (http://l7-filter.sourceforge.net/protocols) are accurate and work fine for the most part. I have, yet, to run into one that doesn't. I have to say that my testing has been a little limited, however. I have played with the skype filters and they certainly do work well. To be honest, I've not played with the L7 filters much because it is not often that they are needed. Is there a tool that can import these to a MT box? --- --- --- --- WISPA Wants You! Join today! http://signup.wispa.org/ --- --- --- --- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ --- --- --- --- WISPA Wants You! Join today! http://signup.wispa.org/ --- --- --- --- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
On Sun, 2009-10-11 at 23:14 -0400, Jeremy Parr wrote: The L7 filters at sourceforge (http://l7-filter.sourceforge.net/protocols) are accurate and work fine for the most part. I have, yet, to run into one that doesn't. I have to say that my testing has been a little limited, however. I have played with the skype filters and they certainly do work well. To be honest, I've not played with the L7 filters much because it is not often that they are needed. Is there a tool that can import these to a MT box? There several of them here: http://www.mikrotik.com/download/l7-protos.rsc -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
On Mon, 2009-10-12 at 09:52 -0500, Dennis Burgess wrote: Many portions of MT is not Linux though. Huh? -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
On Mon, 2009-10-12 at 10:41 -0400, Jeremy Parr wrote: I thought MT went to great lengths to hide the fact that they are a Linux box with a fancy interface From: http://www.mikrotik.com/pdf/what_is_routeros.pdf you will find this: RouterOS is a stand-alone operating system based on the Linux v2.6 kernel, and our goal here at MikroTik is to provide all these features with a quick and simple installation and an easy to use interface. I don't think they are trying to hide their Linux Heritage. :-) -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
MikroTik has a good one on the wiki somewhere. I think it's pretty current. On Sun, Oct 11, 2009 at 1:17 PM, Scott Carullo sc...@brevardwireless.comwrote: Anyone know of a good source for L7 patterns other than the sourceforge L7 list which seems to be outdated / not maintained? Thanks... Scott Carullo Brevard Wireless 321-205-1100 x102 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
In my testing most of those don't work, or there isn't one for what i want to do. Only one I currently use in production is the Skype-to-skype L7 for marking skype voip for QOS Nick Olsen Brevard Wireless (321) 205-1100 x106 From: Jayson Baker jay...@spectrasurf.com Sent: Sunday, October 11, 2009 4:39 PM To: sc...@brevardwireless.com sc...@brevardwireless.com, WISPA General List wireless@wispa.org Subject: Re: [WISPA] Layer 7 patterns for P2P and viruses / malware MikroTik has a good one on the wiki somewhere. I think it's pretty current. On Sun, Oct 11, 2009 at 1:17 PM, Scott Carullo wrote: Anyone know of a good source for L7 patterns other than the sourceforge L7 list which seems to be outdated / not maintained? Thanks... Scott Carullo Brevard Wireless 321-205-1100 x102 WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
On Sun, 2009-10-11 at 20:54 -0400, Nick Olsen wrote: In my testing most of those don't work, or there isn't one for what i want to do. Only one I currently use in production is the Skype-to-skype L7 for marking skype voip for QOS The L7 filters at sourceforge (http://l7-filter.sourceforge.net/protocols) are accurate and work fine for the most part. I have, yet, to run into one that doesn't. I have to say that my testing has been a little limited, however. I have played with the skype filters and they certainly do work well. To be honest, I've not played with the L7 filters much because it is not often that they are needed. -- * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/* Network Engineering * * http://www.wispa.org/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
2009/10/11 Butch Evans but...@butchevans.com: On Sun, 2009-10-11 at 20:54 -0400, Nick Olsen wrote: In my testing most of those don't work, or there isn't one for what i want to do. Only one I currently use in production is the Skype-to-skype L7 for marking skype voip for QOS The L7 filters at sourceforge (http://l7-filter.sourceforge.net/protocols) are accurate and work fine for the most part. I have, yet, to run into one that doesn't. I have to say that my testing has been a little limited, however. I have played with the skype filters and they certainly do work well. To be honest, I've not played with the L7 filters much because it is not often that they are needed. Is there a tool that can import these to a MT box? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
There is a script under the mikrotik wiki for L7 that will get alot of them. Nick Olsen Brevard Wireless (321) 205-1100 x106 From: Jeremy Parr jeremyp...@gmail.com Sent: Sunday, October 11, 2009 11:14 PM To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] Layer 7 patterns for P2P and viruses / malware 2009/10/11 Butch Evans : On Sun, 2009-10-11 at 20:54 -0400, Nick Olsen wrote: In my testing most of those don't work, or there isn't one for what i want to do. Only one I currently use in production is the Skype-to-skype L7 for marking skype voip for QOS The L7 filters at sourceforge (http://l7-filter.sourceforge.net/protocols) are accurate and work fine for the most part. I have, yet, to run into one that doesn't. I have to say that my testing has been a little limited, however. I have played with the skype filters and they certainly do work well. To be honest, I've not played with the L7 filters much because it is not often that they are needed. Is there a tool that can import these to a MT box? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Layer 7 patterns for P2P and viruses / malware
Yeah cut and paste Scott Carullo Brevard Wireless 321-205-1100 x102 Original Message From: Jeremy Parr jeremyp...@gmail.com Sent: Sunday, October 11, 2009 11:14 PM To: WISPA General List wireless@wispa.org Subject: Re: [WISPA] Layer 7 patterns for P2P and viruses / malware 2009/10/11 Butch Evans but...@butchevans.com: On Sun, 2009-10-11 at 20:54 -0400, Nick Olsen wrote: In my testing most of those don't work, or there isn't one for what i want to do. Only one I currently use in production is the Skype-to-skype L7 for marking skype voip for QOS The L7 filters at sourceforge (http://l7-filter.sourceforge.net/protocols) are accurate and work fine for the most part. I have, yet, to run into one that doesn't. I have to say that my testing has been a little limited, however. I have played with the skype filters and they certainly do work well. To be honest, I've not played with the L7 filters much because it is not often that they are needed. Is there a tool that can import these to a MT box? WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
