koitsu
Premium
join:2002-07-16
Mountain View, CA
| reply to keyboard5684
Re: Still sounds like....
None of the p2p applications use IETF-registered protocol numbers; they're all completely variable, which is why it's generally impossible to filter (similar to IRC servers in respect of implementation).
I've never seen any of those products until now -- thanks for pointing out that stuff like this does exist. I'm always proud to be wrong, especially when learning new things. 
--
Making life hard for others since 1977. |
|
keyboard5684
join:2001-08-01
Youngsville, PA
 ·Teliax VOIP
 ·WestPAnet Inc.
 ·WestPAnet Inc. CA..
| reply to koitsu
They would not need a layer 7 device.
p2p operates in generally the same ports. It is not difficult to block or slow those particular ports.
There are plenty of devices out there, in case you did not want to use a router, that can be put "into a line" to control traffic. You would be surprised how many ISPs do use these devices. PacketShaper is one that comes to mind or maybe even etinc. Here are a few of the links...
»www.etinc.com
»www.packeteer.com/
»www.logisense.com/traffic_home.html
Juniper and Cisco are not the only products available. PacketShaper is a carier class design and can take gigabit links I believe. I have seen these at ISPs.
|
|
SRFireside
join:2001-01-19
Houston, TX
| reply to Brown2
... or maybe the coalition of reverse vampires in conjunction with the Rand Corporation are purposefully keeping P2P programs from working so kids stop the Internet and go outside more. The more the kids stay outside the more the group can silently do what they planned all along... DOING AWAY WITH SUPPERTIME!!!! |
|
koitsu
Premium
join:2002-07-16
Mountain View, CA
| reply to Brown2
Pretty unlikely; maintaining a list of all the centralised server IPs would be a real PITA (they'll change once the server administrators find out they're being blocked -- another reason p2p is shady), not to mention would bog the router down quite a bit. Routers are supposed to just blindly push packets; the more time they spend analysing IP headers, the less time they have to push packets.
Not to mention, if they were to filter p2p "effectively", they would need something like a layer 7 filtering device -- and you sure as hell won't find one of these on any ISP, since the degree of service degredation would be through the ROOF. Analysing IP headers takes enough time as-is -- analysing entire data packets for specifically-formatted strings, usually matching a regex, would take an immense amount of time. No product I know of right now from Juniper or Cisco can do this.
--
Making life hard for others since 1977. |
|
stet
Volitar Prime
join:2002-03-08
Warren, MI | reply to Brown2
...or maybe they were trying it out to see what the reaction would be... |
|
Brown2
@lpl.com
| they had a bad router or something and finally were able to track it down and fix it. Or they installed a filter some were to monitor P2P traffic and that was accidentally miss configured. Which caused the blocking.
Again some would love to spread FUD on any item they can to say "Oh mister ISP is being a bad guy and blocking my P2P access". Just so they can get the masses up in a panic over it. |
|
