Trying to catch P2P traffic



  • hello I wonder, is it possible to catch all P2P traffic using snort rules… I know there is a rule catchall for P2P but some P2P soft use the port 80 which has higher priority in my shaper. I upgraded snort package, so there is possibility to make some changes in rule configuration but only one thing You can change, is disable the rule or change port number. Nothing else.
    Any ideas, solutions?
    I didn't notice, but maybe there is someone, who is working on it  ???
    In my opinion, that feature will be very helpfull with traffic engineering. In other way, all shaping play does not make sense, as far as You allow P2P travelling free through the firewall.
    :-
    Michael



  • use the catch all rule, the idea is that you allow them to connect but then you limit the amount of bandwidth they can actually take up.  set the max up/down on your p2p queue to like 5kb.  It will think it can connect so it won't search for other ports to use.  Besides most p2p clients only listen on port 80



  • hmm I do not want to block P2P, that is simple with snort ruleset… I'd like to limit these type traffic effectively. Will be great to redirect all P2P to separated designated queue.
    Nowdays I have lot off outgoing P2P traffic on http port, beside I'm trying to shape fairly all traffic.


Locked