Educause Security Discussion mailing list archives

Re: classifying P2P traffic


From: jkaftan <jkaftan () UTICA EDU>
Date: Tue, 29 Jan 2008 12:15:36 -0500

Most vendors will allow you to do a trial for 30-60 days.  You really need
the device before you can generate the reports.  Just reporting traffic on
given ports is not going to cut it.

We did a Tipping Point trial and could see all of the P2P traffic.  We ended
up going with the Fortigate as it was also a Firewall\Antivirus UTM.



-----Original Message-----
From: Harris, Michael C. [mailto:HarrisMC () HEALTH MISSOURI EDU]
Sent: Tuesday, January 29, 2008 11:51 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] classifying P2P traffic

Any suggestions other than Snort or IPAudit for open source or freeware
for monitoring and reporting (not in line blocking) of how bad the P2P
problem is? Have any ideas on how best to collect the data to make the
justification for purchasing Tipping Point or Packeteer? Snort and
IPAudit are fine for playing Whack-A-Mole with P2P by signature or by
port; encryption forces this to a volumetric review, but neither is any
good for management reporting to quantify the severity of the problem.


Mike

-----Original Message-----
From: Youngquist, Jason R. [mailto:jryoungquist () CCIS EDU]
Sent: Tuesday, January 29, 2008 8:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] classifying P2P traffic

What devices are you using to monitor P2P traffic and how well are they
working for you?  Is there some P2P traffic that you believe your
monitoring software isn't catching?  I.e., encrypted traffic, outdated P2P
definitions from the vendor, etc.


Thanks.
Jason Youngquist
jryoungquist () ccis edu
