Differences between current version and revision by previous author of FirewallingPeerToPeer.
Other diffs: Previous Major Revision, Previous Revision, or view the Annotated Edit History
| Newer page: | version 5 | Last edited on Thursday, May 26, 2005 3:22:47 pm | by SamCook | |
| Older page: | version 4 | Last edited on Wednesday, May 25, 2005 7:32:58 pm | by ChrisLowth | Revert |
@@ -3,9 +3,9 @@
PeerToPeer applications have become increasingly popular for sharing data, media and other files over the internet. They are designed to allow users to find the files they want on other user's computers, and to download them using a variety of optimised techniques, sometimes without any dependancy on central servers.
For a network administrator, PeerToPeer (P2P) traffic generates a number of challenges. For some, the bandwidth consumption needs controlling. Depending on local policies, it may be to limit the network usage or to prioritise it. For some, concerns about the legal ramifications of the downloading of copyright material may drive them towards logging or (in exteme cases) blocking the protocols altogether.
-If a Linux firewall is to enforce these policies effectively, it must be able to identify the P2P traffic with a high degree of certainty. Sadly, the use of simple rules (such as port-number matching) will not work for many of the existing protocols, and more complex mechanisms have to be employed. One or two P2P applications are designed to be difficult to identify, or to make use of multiple (sometimes; encrypted) protocols in order to bye-pass
firewalling restrictions.
+If a Linux firewall is to enforce these policies effectively, it must be able to identify the P2P traffic with a high degree of certainty. Sadly, the use of simple rules (such as port-number matching) will not work for many of the existing protocols, and more complex mechanisms have to be employed. One or two P2P applications are designed to be difficult to identify, or to make use of multiple (sometimes; encrypted) protocols in order to bypass
firewalling restrictions.
The [P2PWall project|http://www.lowth.com] is focused on providing information and open source software to enable P2P protocols to be identified using a Linux firewall and the Netfilter/Iptables infrastructure. The project currently provides mechanisms for identifying (and blocking) the following protocols..
* Fast-track (used by Kazaa and it's clones).
