P2P blocking
Danial Thom
danial_thom at yahoo.com
Mon Nov 28 15:59:41 GMT 2005
--- KrzychK2 <krzychk2 at o2.pl> wrote:
> Hello freebsd-isp!
>
> I'd like to ask, is there any packet using
> kernel module for rejecting
> p2p traffic by packet matching??
>
> Snort isn't an option for me, because it very
> overloads system at high
> traffic and it's very slow.
>
> I'm thinking about something for netgraph
> subsystem.
There are commercial add-ons for FreeBSD 4.x
(ET/BWMGR (www.etinc.com) comes to mind), but
what you want to do is best done with a dedicated
device. It's very CPU-intensive, as every TCP
header has to be checked and connections need to
be tracked. It's not as simple as looking for a
pattern in a packet, because once a transfer has
initiated the packets don't have any signatures
that can be identified.
Danial
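
The connection-tracking point made in the reply, as an added example that is not part of the original message: a flow table labels a TCP connection from its first data segment and then classifies later packets by flow key, while a per-packet signature match only sees the handshake. The sample packets, addresses and the `FlowClassifier` name are constructed for illustration; the handshake prefix is the well-known BitTorrent one.

```python
from typing import Dict, Tuple

# BitTorrent handshake prefix: length byte 19 followed by the protocol string.
BT_HANDSHAKE = b"\x13BitTorrent protocol"
FlowKey = Tuple[str, int, str, int]

def signature_only(payload: bytes) -> bool:
    """Stateless per-packet match: sees nothing after the handshake."""
    return payload.startswith(BT_HANDSHAKE)

class FlowClassifier:
    """Labels a TCP flow from its first payload, then matches by flow key."""
    def __init__(self) -> None:
        self.flows: Dict[FlowKey, str] = {}

    @staticmethod
    def _key(src: str, sport: int, dst: str, dport: int) -> FlowKey:
        # Direction-independent key so both halves of a connection match.
        lo, hi = sorted([(src, sport), (dst, dport)])
        return (lo[0], lo[1], hi[0], hi[1])

    def classify(self, src, sport, dst, dport, flags: str, payload: bytes) -> str:
        key = self._key(src, sport, dst, dport)
        label = self.flows.get(key, "pending")
        if label == "pending" and payload:
            # Only the first data segment carries an identifiable signature.
            label = "p2p" if signature_only(payload) else "other"
        if "F" in flags or "R" in flags:
            self.flows.pop(key, None)      # connection closing: free the state
        else:
            self.flows[key] = label        # per-connection state kept in memory
        return label

# Constructed sample: one connection, (src, sport, dst, dport, flags, payload).
A, B = ("10.0.0.5", 51000), ("192.0.2.9", 6881)
SAMPLE = [
    (*A, *B, "S", b""), (*B, *A, "SA", b""), (*A, *B, "A", b""),
    (*A, *B, "PA", BT_HANDSHAKE + bytes(48)),       # 68-byte handshake
    (*B, *A, "PA", b"\x00\x00\x40\x09\x07" + bytes(32)),  # transfer data
    (*A, *B, "PA", bytes(64)),                      # more data, no signature
    (*B, *A, "FA", b""),
]

def demo():
    fc = FlowClassifier()
    stateless = [signature_only(p[5]) for p in SAMPLE]
    stateful = [fc.classify(*p) for p in SAMPLE]
    return stateless, stateful, len(fc.flows)

if __name__ == "__main__":
    print(demo())
```

The stateless match flags one packet out of seven; the flow table flags every packet after the handshake, at the cost of a lookup per packet and an entry per live connection.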