Hi,

I have a bridge running ipp2p blocking Ares traffic and other protocols.

This bridge works fine, but for the last two weeks it can't block Ares traffic. All protocols block fine except Ares (upload and download).

Is anybody using ipp2p to block the latest Ares version?

My system settings are:

kernel: 2.6.13
iptables: 1.3.3
ipp2p: 0.81 rc1

iptables -L -v output:

Chain FORWARD (policy ACCEPT 53M packets, 22G bytes)
 pkts bytes target prot opt in out source destination
2321K 194M DROP all -- any any anywhere anywhere ipp2p v0.8.1_rc1 --kazaa --gnu --edk --dc --bit --apple --soul --winmx --ares --mute --waste --xdcc

Thanks for any help.

roberto

--
Ing. Roberto Pereyra
ContenidosOnline
BSD, Solaris and Linux servers
ISP technical support
Jabber ID: rpereyra@lugmen.org.ar

For reliable and professional DNS, use DNS Made Easy!
http://www.dnsmadeeasy.com/u/14989

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hi,

Did you try using L7-filter to block Ares?

http://l7-filter.sourceforge.net/protocols

Regards,
ro0ot

On Thu, Feb 23, 2006 at 09:26:48AM -0300, Roberto Pereyra wrote:
> This bridge works fine, but for the last two weeks it can't block Ares traffic. All
> protocols block fine except Ares (upload and download).
>
> Is anybody using ipp2p to block the latest Ares version?

Did you already contact the author about this? If the Ares protocol changed, you've practically got a new protocol there, which requires its own pattern for matching. If you can provide details about the new protocol (by dumping Ares packets or something) and help with testing, it should not be that hard to fix, provided the new protocol isn't something nasty.

In case of a protocol change, other projects (like l7-filter) should suffer from this problem too. Maybe it'd be a good idea to test them and inform the authors as well.

Regards
Andreas Klauer

> If you can provide details about the new protocol (by dumping
> Ares packets or something) and help with testing, it should not be that hard
> to fix, provided the new protocol isn't something nasty.

Hi,

How can I dump Ares packages?

Thanks

roberto

On Thu, Feb 23, 2006 at 12:12:16PM -0300, Roberto Pereyra wrote:
> How can I dump Ares packages?

There are a number of tools for this, for example tcpdump. You should really talk to the developer(s) about this; it depends on what they need.

Dumping Ares packets specifically is a bit hard, since it seems that you can't match them - so you'd have to dump everything. You can increase the probability of getting Ares packages in a dump by doing this on an empty link that contains nothing but Ares traffic, or by similar criteria (e.g. dump packets of IPs that do nothing but Ares).

Anyway, contact the author and see what he suggests. Most likely only the packets that open a connection are of interest.

Regards
Andreas Klauer

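Added example, not part of the original thread or of ipp2p: since the connection-opening packets are the ones a signature author needs, this sketch reads a capture file and keeps only the first data-carrying packet of each TCP flow direction for one suspect host. It assumes a classic little-endian pcap of Ethernet frames (as written by `tcpdump -w`); the addresses, ports and payload bytes are constructed and are not real Ares traffic.

```python
import struct

def first_payloads(pcap, host, nbytes=32):
    """Map each TCP flow direction involving `host` to its first payload bytes."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian pcap of Ethernet frames")
    flows, off = {}, 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep IPv4 + TCP only
        tcp = 14 + (frame[14] & 0x0F) * 4          # start of the TCP header
        if len(frame) < tcp + 20:
            continue
        ip_end = 14 + struct.unpack_from("!H", frame, 16)[0]  # drops padding
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        data = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip_end]
        key = (src, sport, dst, dport)
        if host in (src, dst) and data and key not in flows:
            flows[key] = data[:nbytes]  # SYN/ACK-only and later packets skipped
    return flows

def _frame(src, dst, sport, dport, flags, data=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    addr = lambda a: bytes(map(int, a.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                     addr(src), addr(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + data

def sample_pcap():
    """Constructed capture: one handshake, data both ways, one unrelated host."""
    c, s = "192.0.2.10", "198.51.100.7"
    frames = [_frame(c, s, 40000, 5000, 0x02), _frame(s, c, 5000, 40000, 0x12),
              _frame(c, s, 40000, 5000, 0x18, b"\x01\x02constructed-hello"),
              _frame(s, c, 5000, 40000, 0x18, b"\x09constructed-reply"),
              _frame(c, s, 40000, 5000, 0x18, b"later data"),
              _frame("192.0.2.99", s, 40001, 5000, 0x18, b"other host")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print({k: v.hex() for k, v in first_payloads(sample_pcap(), "192.0.2.10").items()})
```

The hex prefixes it prints per flow are the kind of material a pattern maintainer can compare across client versions; if they look random from the first byte, payload matching has little to work with.
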
Hi,

Andreas Klauer wrote:
> On Thu, Feb 23, 2006 at 09:26:48AM -0300, Roberto Pereyra wrote:
>
>> This bridge works fine, but for the last two weeks it can't block Ares traffic. All
>> protocols block fine except Ares (upload and download).
>>
>> Is anybody using ipp2p to block the latest Ares version?
>
> Did you already contact the author about this? If the Ares protocol changed,
> you've practically got a new protocol there, which requires its own pattern
> for matching. If you can provide details about the new protocol (by dumping
> Ares packets or something) and help with testing, it should not be that hard
> to fix, provided the new protocol isn't something nasty.

Ares is a proprietary protocol and they change their signatures (even the login signatures) with every new version.

AFAIK ipp2p should block the newest version of ares (at least the login). Traffic shaping does not work at the moment, because ares encrypts the data connections with an unknown method and without any good signatures. I will check the newest version of ares this week and update the ares pattern if needed.

My real job keeps me very busy at the moment (and I have been ill for three weeks now), but I will try to bring out a new version of ipp2p with some bug fixes very soon.

Klaus,
maintainer of ipp2p

Hi Klaus,

> AFAIK ipp2p should block the newest version of ares (at least the
> login).

Yes, ipp2p blocks the latest version Ares login (looks connecting ...) but without connecting upload and download files.

I have the same bridge setup and some weeks back the blocking worked well.

How can I help you?

roberto
