On Tuesday 25 Mar 2003 08:08, Luman wrote: [detecting P2P] I am not sure, but you could potentially use tcpdump (patched if necessary) to monitor trafic. You could try to detect where there are lots of incoming requests to nodes on specific ports, the analyze those shortlisted packets, and if it is P2P, you could then bounce them. If you leep good logs of what you find, you could try to detect when the port floats away and re-configure your filters. You could also use port scanning to see if it is a genuine idle period or if the port has genuinely moved. I hope your router is fairly heavyweight, as you will need a lot of power to process and analyze packets in anything near real-time. Alternatively, you could cheat. :-) You could specify that traffic on certain well known ports (ssh, http(s), ftp, smtp, pop3(s), imap(s)) goes over the good link. You could then periodically check this traffic to make sure it is not masqueraded P2P. Everything else, you can divert over the cheap link and/or lower it''s priority. Effectively, you can white-list traffic, instead of black-listing it. Good luck. Gordan _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Try this new version of fwstat/FFWGrapher, version 0.91 http://www.geocities.com/mctiew/ffw/InstallationGuide.htm I have integrated parts of iptraf code into it, so now you could remotely monitor IP services based port ( servmon ) and IP services based on connection ( ipmon ) but still remains as one executable. Other links: http://geocities.com/mctiew/ffw/fwstat-0.91.tar.gz http://geocities.com/mctiew/ffw/FFWGrapher-0.91.zip http://geocities.com/mctiew/ffw/FFWGrapherUserGuide1.htm http://geocities.com/mctiew/ffw/FFWGrapherUserGuide2.htm http://geocities.com/mctiew/ffw/FFWGrapherUserGuide3.htm http://geocities.com/mctiew/ffw/FFWGrapherUserGuide4.htm http://geocities.com/mctiew/ffw/FFWGrapherUserGuide5.htm http://geocities.com/mctiew/ffw/FFWGrapherUserGuide6.htm _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Need some advise on how a route can be influenced at the customer premise end. Assuming I have a ADSL connection to the internet with static IP, ie IP for ADSL modem: 210.1.2.85 IP for customer premise: 210.1.2.86 ( Linux ) Default GW for the Linux is configured as the ADSL modem. However, due to whatever reason, we could like to take an alternative route for certain destinations, so we add ( besides default route ) :- route add -host 202.1.2.38 gw 210.48.1.7 However, we found, based on limited information I have, this route never take effect. Is it because the route has been overwritten by the ADSL modem once the packet has been routed through it ? _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/