Educause Security Discussion mailing list archives

Re: classifying P2P traffic


From: David Boyer <David () BVU EDU>
Date: Tue, 29 Jan 2008 08:58:16 -0600

We're using a Fortigate 500A, and it's working well for us. Our traffic logs indicate it's catching our P2P traffic. 
For encrypted traffic like Ares it uses the signature of the initial (unencrypted) handshake and stops it at that 
point. It also uses signatures to properly classify P2P traffic on random ports or other service ports (like port 80).

"Youngquist, Jason R." <jryoungquist () CCIS EDU> 8:49 AM 1/29/2008 >>>
What devices are you using to monitor P2P traffic and how well are they
working for you?  Is there some P2P traffic that you believe your
monitoring software isn't catching?  I.e., encrypted traffic, outdated P2P
definitions from the vendor, etc.


Thanks.
Jason Youngquist
jryoungquist () ccis edu
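
The port-independent handshake matching described in the reply above, as an added example that is not part of the original thread and not Fortinet's implementation. It assumes the classifier sees the first payload bytes the initiator sends; the function and type names are hypothetical, the prefixes are the publicly documented BitTorrent and Gnutella handshakes (the thread gives no Ares handshake bytes, so none is included), and the sample flows are constructed.

```python
from dataclasses import dataclass

# Publicly documented cleartext handshake prefixes (not vendor signatures).
SIGNATURES = [
    ("bittorrent", b"\x13BitTorrent protocol"),  # length byte 19 + protocol string
    ("gnutella", b"GNUTELLA CONNECT/"),          # Gnutella 0.4 / 0.6 connect line
]
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")


@dataclass
class Verdict:
    app: str
    action: str  # "block", "allow" or "pending"


def classify(dst_port: int, first_payload: bytes) -> Verdict:
    """Classify a flow from its opening bytes; dst_port is deliberately never
    consulted, so P2P on port 80 is still recognised as P2P."""
    for app, prefix in SIGNATURES:
        if first_payload.startswith(prefix):
            return Verdict(app, "block")
        # TCP may deliver the handshake in pieces: a short segment that is
        # still a prefix of a signature needs more data before a verdict.
        if len(first_payload) < len(prefix) and prefix.startswith(first_payload):
            return Verdict(app, "pending")
    if first_payload.startswith(HTTP_METHODS):
        return Verdict("http", "allow")
    # No cleartext handshake matched; a real device would fall back to
    # other policy here (behavioural rules, port policy, rate limits).
    return Verdict("unknown", "allow")


# Constructed sample flows: (destination port, first payload from the client).
BT_HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + b"\x11" * 20 + b"-XX0000-" + b"0" * 12
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.edu\r\n\r\n"),
    (80, BT_HANDSHAKE),                      # P2P hiding on the web port
    (51413, b"GNUTELLA CONNECT/0.6\r\n"),    # P2P on a random high port
    (6881, b"\x13BitTor"),                   # handshake split across segments
    (443, b"\x8f\x02\xa1\x5c\x00\x7e"),      # opaque bytes, no known prefix
]

if __name__ == "__main__":
    for port, payload in SAMPLE_FLOWS:
        v = classify(port, payload)
        print(f"port {port:>5}: {v.app:<10} -> {v.action}")
```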
