Firewall Wizards mailing list archives

[Summary] QoS and P2P


From: "Paul D. Robertson" <proberts () patriot net>
Date: Sun, 15 Dec 2002 09:56:38 -0500 (EST)

Just over a month ago, I asked about QoS features being used to block P2P 
content.  

I got several very detailed answers, which mostly came down on Cisco's 
NBAR as "used to be very good, but hasn't kept up."  NBAR seems to be best 
suited for nuking things like Code Red, which haven't changed signatures 
in the last year.  The P2P applications have changed enough that keeping 
up seems to be paramount to winning.

Packeteer seems to be the most well-spoken-of commercial solution, and 
folks who've migrated away from NBAR seem to have gone there and remained 
content.

A few folks suggested firewall solutions, but really didn't add anything 
significant about implementation details or issues.  I do still recall 
Wes' pointer about ISA Server allowing traffic based on application name, 
which might at least stop casual offenders.

Finally, someone suggested that IDS systems were probably the way to go in 
detecting such things.

The biggest hurdle to this seems to be keeping the signatures up to date, 
since these applications tend to want to tunnel around any controls placed 
in their way.  

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
