Date: Mon, 28 Nov 2005 07:57:57 -0800 (PST)
From: Danial Thom <danial_thom@yahoo.com>
To: KrzychK2 <krzychk2@o2.pl>, freebsd-isp@freebsd.org
Subject: Re: P2P blocking
Message-ID: <20051128155757.39909.qmail@web33313.mail.mud.yahoo.com>
In-Reply-To: <1873935578.20051128090041@o2.pl>

--- KrzychK2 <krzychk2@o2.pl> wrote:

> Hello freebsd-isp!
>
> I'd like to ask, is there any packet using kernel module for rejecting
> p2p traffic by packet matching??
>
> Snort isn't an option for me, because it very overloads system at high
> traffic and it's very slow.
>
> I'm thinking about something for netgraph subsystem.

There are commercial add-ons for FreeBSD 4.x (ET/BWMGR (www.etinc.com)
comes to mind), but what you want to do is best done with a dedicated
device. It's very CPU-intensive, as every TCP header has to be checked
and connections need to be tracked. It's not as simple as looking for a
pattern in a packet, because once a transfer has initiated the packets
don't have any signatures that can be identified.

Danial
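
The point made in the reply above, that the identifying pattern is only visible when a transfer starts and so connections have to be tracked, shown as an added example (not part of the original message, and not ET/BWMGR or netgraph code). It is a user-space C sketch: the BitTorrent handshake prefix serves as the sample signature, and the flow table, function names and packets are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sketch: fixed-size flow table, no expiry, no TCP state machine. */
#define FLOW_SLOTS 1024
struct flow_key { uint32_t src, dst; uint16_t sport, dport; };
struct flow { struct flow_key key; int in_use, is_p2p; };
static struct flow flows[FLOW_SLOTS];

/* A BitTorrent peer handshake begins with the byte 19 and this string. */
static const char BT_SIG[] = "\x13" "BitTorrent protocol";
#define BT_SIG_LEN (sizeof(BT_SIG) - 1)

/* Both directions of a connection must map to the same entry. */
static int same_key(const struct flow_key *a, const struct flow_key *b) {
    return (a->src == b->src && a->dst == b->dst && a->sport == b->sport && a->dport == b->dport) ||
           (a->src == b->dst && a->dst == b->src && a->sport == b->dport && a->dport == b->sport);
}

/* Find or create the entry for a connection (symmetric hash, linear probing). */
static struct flow *flow_lookup(const struct flow_key *k) {
    unsigned start = (k->src ^ k->dst ^ k->sport ^ k->dport) % FLOW_SLOTS;
    for (unsigned i = 0; i < FLOW_SLOTS; i++) {
        struct flow *f = &flows[(start + i) % FLOW_SLOTS];
        if (f->in_use && same_key(&f->key, k)) return f;
        if (!f->in_use) { f->key = *k; f->in_use = 1; f->is_p2p = 0; return f; }
    }
    return NULL; /* table full: packet is treated as unclassified */
}

/* Stateless check: looks at one packet in isolation. */
int stateless_match(const uint8_t *payload, size_t len) {
    return len >= BT_SIG_LEN && memcmp(payload, BT_SIG, BT_SIG_LEN) == 0;
}

/* Stateful check: the signature marks the flow, later packets inherit the mark. */
int classify_packet(const struct flow_key *k, const uint8_t *payload, size_t len) {
    struct flow *f = flow_lookup(k);
    if (f == NULL) return 0;
    if (stateless_match(payload, len)) f->is_p2p = 1;
    return f->is_p2p;
}

int main(void) {
    struct flow_key k = {0x0a000001, 0x0a000002, 40000, 6881}; /* constructed flow */
    uint8_t hs[68] = {0}, data[32] = {0};                      /* constructed packets */
    memcpy(hs, BT_SIG, BT_SIG_LEN);
    printf("handshake: stateful=%d\n", classify_packet(&k, hs, sizeof hs));
    printf("data: stateless=%d stateful=%d\n", stateless_match(data, sizeof data),
           classify_packet(&k, data, sizeof data));
    return 0;
}
```

The per-packet table lookup and the memory held for every live connection are where the CPU cost described in the reply comes from.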