Google
  Web www.spinics.net

Re: How to fight with encrypted p2p

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


As you might have seen, these are words from ipp2p author:

"""

I have seen some pieces of code from ipoque which can detect encypted bittorrent
and edonkey traffic. Unforunately, this code will not work with
iptables, because it needs
more information about the flow history and the history of an ip address.

Right now, I do not have the time and the money to develop a filter
like this, but
if you are interested in a developement in this direction, please contact me.

"""

I *think* that we need something like a "bittorrent helper" in the
kernel to keep this extra information about the flow history and then
an iptables plugin to match. What do you think? Maybe we could contact
him to know what kind of information is it?


On Nov 12, 2007 9:17 AM, sawar <sawar@xxxxxxxxxx> wrote:
> Rtorrent which I use sometimes have ability to completely disable plain text
> communication :
>
> man rtorrent
>               allow_incoming  (allow incoming encrypted connections),
> try_outgoing (use encryption for outgoing connections), require (disable
> unencrypted  handshakes),  require_RC4  (also  disable  plaintext
> transmission  after  the initial encrypted handshake), enable_retry (if the
> initial outgoing connection fails, retry with encryption turned on if it was
> off or off if it was on),  prefer_plain text  (choose  plaintext when peer
> offers a choice between plaintext transmission and RC4 encryption, otherwise
> RC4 will be used).
>
> and many other clients have similar abilities.
> I'm afraid that full encrypted and enabled by default communication is only a
> matter of time and we will lose this "fight" very soon.
>
>
> > Some clients P2P clients are nice about there encryption and negotiate
> > encryption ahead of time using plain communication. I.E. Limewire,
> > Azureus.  However, some just start TLS and that is all you can see.
> >
> > Looking at ipp2ps signatures, I don't see anything that leads me to
> > believe they track that kind of info.
> >
> >
> >
> > David Bierce
> >
> > On Nov 11, 2007, at 9:48 PM, Mohan Sundaram wrote:
> > > sAwAr wrote:
> > >> Hi
> > >> I believe that whole question is in topic. Is there any way to
> > >> recognize ( and then shape ) p2p traffic which is encrypted?
> > >> Modern p2p clients have this ability moreover some of them have
> > >> this enabled by default. Now I'm using ipp2p for iptables but as I
> > >> know this doesn't recognize encrypted traffic.
> > >> Thanks in advance.
> > >> Pozdrawiam
> > >> Szymon Turkiewicz
> > >
> > > Have not tried this. An idea. P2P initiations are not encrypted
> > > AFAIK. Thus connections can be marked and related traffic shaped. If
> > > initiation is also encrypted, then I think we have a serious problem.
> > >
> > > Mohan
> > > _______________________________________________
> > > LARTC mailing list
> > > LARTC@xxxxxxxxxxxxxxx
> > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >
> > _______________________________________________
> > LARTC mailing list
> > LARTC@xxxxxxxxxxxxxxx
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>



-- 
Marco Casaroli
SapucaiNet Telecom
+55 35 34712377 ext. 5
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Bugtraq]     [Fedora Legacy]     [GCC Help]     [Yosemite News]     [Yosemite Photos]     [IP Tables]     [Netfilter Devel]     [Fedora Users]

Powered by Linux