P2P detecion

rastod · Mon Jan 02, 2006 5:10 pm

Hello,

I think that very high part of P2P is using http protocol and is not detected by mikrotik.
Is it possible?
Will mikrotik prepare some actualization of detection enginee?

telephone29 · Wed Jan 04, 2006 7:25 am

what is not detected? which p2p uses http protocol?

Wed Jan 04, 2006 9:44 am

as far as we know, all most popular p2p programs are detectable by mikrotik routeros. if you have specific programs that are not detectable, let us know which

hecklertm · Wed Jan 04, 2006 9:51 am

I know that Kazaa Klite can communicate over port 80, but I probaly tries its default ports first, which you could then identify who is using it through the log of a firewall filter.

Wed Jan 04, 2006 10:03 am

it doesn't matter what ports the p2p softwares use, we detect in more clever ways, by analysing the packet content

hecklertm · Wed Jan 04, 2006 10:07 am

Well, it is reasons like that which has us all using MT

cyb.0rg · Thu Jan 05, 2006 2:06 am

Dear normis, i know (100% and it was checked many times) that firewall don't stop p2p bit-torrent traffic
No mistakes! I used different rules, of course drop all-p2p in forward rule, mangle bit-torrent and drop it in rules etc , and after rebooting the same picture -firewall don't stop bit ttorent traffic....

ver 2.9.6
any ideas ?

Thu Jan 05, 2006 8:55 am

we also checked and bit torrent IS BEING detected. show us your rules and how did you determine that it is NOT blocked? be sure that already established connections will not be dropped, only new ones.

hecklertm · Thu Jan 05, 2006 9:01 am

I checked and it works on for me using 2.9.10.

miroxy · Fri Jan 13, 2006 1:40 am

Its working in 2.9.6 too, I suggest cyb.0rg to recheck firewall rules

djape · Fri Jan 13, 2006 2:55 pm

Bit torrent adn all major p2p softwares are being blocked, but Ares and some unknown (I'll call the customer to ask what is he using) is not being droped.

Cheers all...

HarvSki · Fri Jan 13, 2006 3:41 pm

I've seen BIT TORRENT using port 443, I'm not sure if it is implemeting SSL though if it is then surely MT cannot detect it?

Fri Jan 13, 2006 3:49 pm

it does NOT matter what ports any P2P software uses. we detect it more advanced, by traffic and packet structure. I am almost certain that they do not use any kind of encryption on their traffic, so don't worry

HarvSki · Fri Jan 13, 2006 3:54 pm

That is reassuring, I know it doesn't matter which port I've seen the p2p try all sorts and the MT just marks it, hahahahahaha

yancho · Fri Jan 13, 2006 5:16 pm

Maybe we should start worry:

Core Improved: add protocol header encrypt option

YazzY · Fri Jan 13, 2006 6:34 pm

Just as a side note, you'd lose me as customer the moment you tyrannize me saying what I can and cannot use.
Have a nice weekend :)

Diganet · Sun Jan 15, 2006 11:10 pm

it does NOT matter what ports any P2P software uses. we detect it more advanced, by traffic and packet structure. I am almost certain that they do not use any kind of encryption on their traffic, so don't worry

Normis, it really could be nice if we could implement our own patterns in the same way as you guys detect P2P.. Protocols like SIP are very needed where i am and i could do a lot more in the market if i was able to queue that kind of traffic.

Regards

Henrik

skordan · Fri Jan 20, 2006 1:11 pm

I see the same the bit komet is working all day (i have p2p blocked from 6am to 11 pm) mayby is the problem with "...already established connections will not be dropped, only new ones." but what can we doing in such situation ? limiting connections per user ?

Hugh Hartman · Sat Jan 21, 2006 1:33 pm

Yes- I limit the connection time and the number of connections..

djape · Sun Jan 22, 2006 1:26 pm

@skordan

Do script that will reboot router 6 am and after that all p2p will be droped. Nobody will complain for 30 sec pause in the morning

Cheers...

P2P detecion

P2P detecion

p2p detection

Who is online