Firewall Wizards mailing list archives
[Summary]QoS and P2P
From: "Paul D. Robertson" <proberts () patriot net>
Date: Sun, 15 Dec 2002 09:56:38 -0500 (EST)
Just over a month ago, I asked about QoS features being used to block P2P content. I got several very detailed answers, which mostly came down on Cisco's NBAR as "used to be very good, but hasn't kept up." NBAR seems to be best suited for nuking things like Code Red, which haven't changed signatures in the last year. The P2P applications have changed enough that keeping up seems to be paramount to winning.

Packeteer seems to be the most well-spoken of commercial solution, and folks who've migrated away from NBAR seem to have gone there and remained content.

A few folks suggested firewall solutions, but really didn't add anything significant about implementation details or issues. I do still recall Wes' pointer about ISA Server allowing traffic based on application name, which might at least stop casual offenders.

Finally, someone suggested that IDS systems were probably the way to go in detecting such things. The biggest hurdle to this seems to be keeping the signatures up to date, since these applications tend to want to tunnel around any controls placed in their way.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards