
P2P Blocking

Posted: Wed Dec 13, 2006 2:54 pm
by centsi
Hi.

Using a general P2P blocking filter was working very nicely until this week, when we have noticed emule getting through - perhaps using the "protocol obfuscation" setting.

Also another client called "ares", which I believe uses gnutella, seems to be getting through, and I am concerned that bittorrent etc may well be.

Has anyone else noticed this?

I suspect this is part of an ongoing arms race between those of us that want to block p2p and those of us that want to use it, but I wish to be certain that there is no problem on our particular installation.

If this is due to P2P companies improving their protocols, can we expect that the Mikrotik programmers will be looking into improving the blocking?

BTW we are nonetheless very impressed with Mikrotik.

Cheers.

Posted: Wed Dec 13, 2006 3:03 pm
by sergejs
The Ares protocol can only be dropped; speed limiting is impossible for it. The matcher p2p=warez is used for that.
Likewise, encrypted torrent can only be dropped.

Posted: Wed Dec 13, 2006 9:45 pm
by changeip
My first run-in with p2p was this week. I packet marked all high port to high port connections > 10240 and it seemed to help - is it standard practice to throttle high to high connections to fight p2p? The standard queue with p2p enabled was only catching about 25% of it.

Sam

Posted: Thu Dec 14, 2006 1:02 am
by titius
Please can you explain that a little better.

@sergejs

encrypted torrent CAN'T be dropped, if it can, please write how to

Posted: Thu Dec 14, 2006 8:23 am
by sergejs
I can offer two ways to drop p2p traffic:
- first method: mark connections with the appropriate p2p mark in the firewall mangle, then drop them.
- second method: use the firewall to allow known traffic and drop anything else.
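
The two methods described in the post above, written out as a RouterOS configuration. This is an added example, not part of the original post or MikroTik's own configuration; the mark name `p2p_conn`, the log prefix and the list of allowed ports are assumptions, and it assumes a RouterOS version that has the `p2p` matcher this thread refers to.

```routeros
# Added example. p2p_conn, the log prefix and the port list are constructed
# for illustration; adjust them to the services your network really needs.

# Method 1: mark connections the p2p matcher recognises, then drop them.
/ip firewall mangle
add chain=forward p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p_conn passthrough=yes comment="mark known p2p"
/ip firewall filter
add chain=forward connection-mark=p2p_conn action=drop comment="drop marked p2p"

# Method 2: allow known traffic and drop anything else.
# This is the only method that affects clients the matcher cannot
# identify, because it does not depend on recognising the protocol.
/ip firewall filter
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept
add chain=forward protocol=udp dst-port=53 action=accept comment="DNS"
add chain=forward protocol=tcp dst-port=53 action=accept comment="DNS"
add chain=forward protocol=tcp dst-port=80,443 action=accept comment="web"
add chain=forward protocol=tcp dst-port=21,25,110 action=accept \
    comment="ftp, smtp, pop3"
add chain=forward protocol=icmp action=accept
# Log what is about to be dropped so legitimate services that were
# forgotten in the allow list show up before users report them.
add chain=forward action=log log-prefix="fwd-default-drop"
add chain=forward action=drop comment="everything else"
```

Rule order matters in method 2: the final drop must stay last, and the log rule just before it shows which legitimate services still need an accept rule.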

Posted: Thu Dec 14, 2006 10:16 am
by normis
If I remember correctly - uTorrent can't be dropped, Azureus can. There is no way to detect it, the traffic is encrypted, all the packets are different, there is no way of telling that it is uTorrent's traffic.

Posted: Thu Dec 14, 2006 10:36 am
by janisk
every week someone is discussing how to drop p2p traffic, or limit it somehow. :twisted: every week a new topic.

if you took the "oh mighty" search and searched for dropping p2p, limiting p2p, you would finally bump into macgaiver's post on how to drop encrypted p2p

and please, remember - encrypted traffic is encrypted for a cause - so no one really sees what is going on there. if we start to decrypt it - we would violate any known privacy regulations/rules

good luck :wink:


EDIT:

for those who do not know where the search button is:
http://forum.mikrotik.com//viewtopic.php?p=55425#55425

Posted: Thu Dec 14, 2006 10:56 am
by mortin
I also noticed that the marking rule is no longer effective. The only idea that has come to me is to mark selected traffic like http, ftp, pop3, smtp, some communicators and give them higher priority. All the rest of the traffic is marked as other garbage and given the lowest priority.

Marcin

Posted: Thu Dec 14, 2006 11:08 am
by janisk
yes, that is a solution, but when creating it you have to be very careful. and for the majority it is somewhat complicated due to limited knowledge of ROS

good luck.

Posted: Mon Apr 23, 2007 4:21 am
by ldvaden
every week someone is discussing how to drop p2p traffic, or limit it somehow. :twisted: every week new topic.

good luck :wink:

EDIT:

for those who do not know where the search button is:
http://forum.mikrotik.com//viewtopic.php?p=55425#55425
Does a new week begin on Sunday or Monday? :)

Nomination for this week: <http://tools.ietf.org/html/rfc4594>, especially Figure 3.

Fair use excerpt:
    ------------------------------------------------------------------
   |   Service     |  DSCP   |    DSCP     |       Application        |
   |  Class Name   |  Name   |    Value    |        Examples          |
   |===============+=========+=============+==========================|
   |Network Control|  CS6    |   110000    | Network routing          |
   |---------------+---------+-------------+--------------------------|
best regards/ldv