[unisog] Brilliant/Kazaa

Christopher A Bongaarts cab at tc.umn.edu
Thu Apr 4 19:02:30 GMT 2002

As Paul Schmehl once put it so eloquently:

> I think your best bet is to use traffic shapers.  The 
> problem with all these peer-to-peer apps is that they 
> constantly change ports to avoid blocks.  They even 
> "tunnel" through port 80 (which you obviously can't block) 
> if nothing else works.
> But traffic shapers do layer 7 packet inspection, determine 
> what the service is and then control it if it's "on the 
> list", so the port becomes irrelevant.  We use Packeteer 
> here, and we restrict all "recreational" bandwidth use to 
> 2MB daytime/4MB nights and weekends.

Of course, that only works until they start tunnelling over 443 ;)

(Maybe that just means that solutions like these should be viewed as
short-term or stop-gap solutions that work until the software vendors
work around them again, and spending on them should take this into
account.  OTOH, this encourages the deployment of end-to-end
encryption in applications, which might well be a Good Thing...)

