[unisog] Inbound traffic from Internet

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Jun 14 22:26:36 GMT 2006


On Wed, 14 Jun 2006 15:08:13 CDT, Velasquez Venegas Jaime Omar said:

> Several captures at peak times of the problematic traffic lead me to
> conclude that it should be some way of streaming over http 

And this, my friends, is what happens when you firewall off a lot of ports.  If
port 80 is the only port likely to make it out, it *will* get used for non-HTTP
stuff as well.  Except that instead of just comparing 2 bytes in the packet
header to tell what the packet is, now you need to do some really deep packet
inspection. Also, now that everything has been squished onto 80 and 443, it's
not as easy to use QoS and Packeteers and the like to shape the traffic.

In our collective zeal to micromanage and hypercontrol the traffic, we've
essentially killed off some of our most useful tools to control it....
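An added illustration of the point made in this message (not part of the original post): a port lookup reads two bytes of the TCP header per port, while separating real web traffic from other protocols or media streams on port 80 means parsing the payload. The TCP segments, hostnames and payloads below are constructed sample data, and the function names are hypothetical.

```python
import struct

PORT_NAMES = {80: "http", 443: "https", 25: "smtp", 554: "rtsp"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")

def tcp_segment(src_port, dst_port, payload):
    """Build a minimal 20-byte TCP header (no options) followed by payload."""
    offset_flags = (5 << 12) | 0x018  # data offset = 5 words, flags = PSH+ACK
    header = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                         offset_flags, 65535, 0, 0)
    return header + payload

def classify_by_port(segment):
    """Cheap check: look only at the two 2-byte port fields."""
    src, dst = struct.unpack_from("!HH", segment, 0)
    return PORT_NAMES.get(dst) or PORT_NAMES.get(src) or "other"

def classify_by_payload(segment):
    """Expensive check: skip the TCP header and parse application bytes."""
    payload = segment[(segment[12] >> 4) * 4:]
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    start = lines[0]
    is_request = (start.startswith(HTTP_METHODS)
                  and start.rsplit(b" ", 1)[-1].startswith(b"HTTP/1."))
    is_response = start.startswith(b"HTTP/1.")
    if not (is_request or is_response):
        return "non-http"  # something else riding on the web port
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-type":
            if value.strip().lower().startswith((b"audio/", b"video/")):
                return "http-media"  # streaming carried inside valid HTTP
    return "http"

# Constructed samples: a page fetch, a media response, and SSH sent to port 80.
SAMPLES = {
    "web": tcp_segment(40001, 80,
                       b"GET /index.html HTTP/1.1\r\nHost: www.example.edu\r\n\r\n"),
    "stream": tcp_segment(80, 40002,
                          b"HTTP/1.0 200 OK\r\nContent-Type: audio/mpeg\r\n\r\n"
                          + b"\xff\xfb\x90\x00" * 4),
    "tunnel": tcp_segment(40003, 80, b"SSH-2.0-OpenSSH_4.3\r\n"),
}

def classify_all():
    return {k: (classify_by_port(s), classify_by_payload(s))
            for k, s in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in classify_all().items():
        print(name, result)
```

All three samples look identical to the port check; only the payload parse tells them apart, and it sees only what is in the first segment of each flow.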

