Re: How to filter based on application protocol being used

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Srikant Tangirala <srikant.bsd@...>

Cc: Reyk Floeter <reyk@...>, <misc@...>

Subject: Re: How to filter based on application protocol being used

Date: Friday, May 9, 2008 - 3:06 am

On Fri, May 09, 2008 at 12:23:47PM +0530, Srikant Tangirala wrote:
quoted text> Thanks for such a prompt reply.
> 
> I will not use Linux even if you pay me. It has been OpenBSD
> for me for past three years and it will remain so as long as
> OpenBSD remains what it stands for.
> 

heh, i like your answer ;)

quoted text> That aside, see, I have used this tool called ourmon successfully
> on OpenBSD to detect P2P traffic and block the users in
> conjunction with authpf and pf. The tool can do other detections
> as well. It matches packets/traffic-patterns with those observed
> by network admins as being related to a specific type of application
> protocol. Payload is not inspected, although a grep may be
> happening. It works by passively monitoring the packets flowing
> by, no kernel stuff involved.
> 

we're working on interfaces to speed up the application layer
relaying, the current way requires to rdr the traffic into userspace,
do a nat lookup on the pf socket, and forward the traffic to the
target with a second inspection. this can be done fast, but there is
some overhead. this may improve in the future when we have the ability
to migrate the relayed connections to forwarding in the kernel after
looking into the l7 header.

quoted text> Just want to know if anyone has come up with a good solution to
> this problem. If there is none yet, fine, we continue with what we
> have or even partial solutions will help a bit.
> 

p2p detection is a very difficult but interesting area. but you can
also mitigate the use with other tricks, like delays, special kinds of
traffic shaping, etc.

quoted text> Thanks for your time.
> 
> Srikant Tangirala.
> 
> On Fri, May 9, 2008 at 11:55 AM, Reyk Floeter <reyk@openbsd.org> wrote:
> 
> > On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote:
> > > for all the common protocols? With my little bit
> > > of knowledge what I figure is that we need some
> > > piece of software(s) which understands each protocol
> > > thoroughly, can look at raw packets in real-time
> > > and detect the protocol being used. Even then,
> >
> > ah, i'm just looking at your mail again - you a are kidding, there is
> > no way to do content inspection in "real-time". go and use linux where
> > you can use stupid and dangerous stuff in the kernel. this is not what
> > openbsd is about.
> >
> > reyk

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

How to filter based on application protocol being used, Srikant Tangirala, (Fri May 9, 1:10 am)

Re: How to filter based on application protocol being used, jean-philippe luiggi, (Fri May 9, 7:40 am)

Re: How to filter based on application protocol being used, Marcus Andree, (Mon May 12, 7:44 am)

Re: How to filter based on application protocol being used, Srikant Tangirala, (Fri May 9, 9:35 am)

Re: How to filter based on application protocol being used, Reyk Floeter, (Fri May 9, 2:25 am)

Re: How to filter based on application protocol being used, Johan Fredin, (Fri May 9, 4:51 am)

Re: How to filter based on application protocol being used, Srikant Tangirala, (Fri May 9, 2:53 am)

Re: How to filter based on application protocol being used, Reyk Floeter, (Fri May 9, 3:06 am)

Re: How to filter based on application protocol being used, Reyk Floeter, (Fri May 9, 1:58 am)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Fred .	Please add ZFS support (from GPL sources)
Kristen Carlson Accardi	Re: PCIe Hotplug: NFG unless I boot with card already inserted.
Linus Torvalds	Re: [GIT]: Networking
Chuck Ebbert	Why do so many machines need "noapic"?
git:
Petr Baudis	Re: Cogito: cg-clone doesn't like packed tag objects
Andreas Ericsson	Re: [PATCH] git-merge: add option --no-ff
Junio C Hamano	GIT 0.99.6
Wayne Scott	git-diff-tree rename detection bug
openbsd-misc:
Unix Fan	Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cach...
Edd Barrett	Iwi, wireless bad behavior
jose thomas	Resume - Mumps Developer
Girish Venkatachalam	Ethernet jumbo frames?
netbsd-tech-kern:
der Mouse	Re: mjf-devfs2 branch
Ian Zagorskih	POSIX timer_settime() dosn't set timer in some cases (lost accuracy)
Christos Zoulas	Re: Melting down your network [Subject changed]
Gregory McGarry	Re: Lock benchmarks

Latest forum posts


Linux Bootup hangs after adding RealTime Premption and HR-Timer	7 hours ago	Linux kernel
SATA 2 size problems	8 hours ago	Windows
problem with 2.6 kernel driver for a USB MAG Stripe Reader as HID device.	21 hours ago	Linux kernel
get_user_pages failure	22 hours ago	Linux kernel
Reading linux kernel	1 day ago	Linux kernel
High level of Seagate 2.5" SATA drives failing	1 day ago	Hardware
Resetting the bios password for Toshiba Laptop	1 day ago	Hardware
Linux 2.6.22 slowly RUNS OUT OF LOWMEM	1 day ago	Linux kernel
Questions about modules	2 days ago	Linux kernel
KDB	2 days ago	Linux kernel

Show all forums...

Colocation donated by:

Online users

Syndicate