Educause Security Discussion mailing list archives
Re: classifying P2P traffic
From: Michael Hornung <hornung () WASHINGTON EDU>
Date: Tue, 29 Jan 2008 09:06:20 -0800
I've looked at L7-Filter (http://l7-filter.sourceforge.net/) and it is an interesting approach. I have not found a really satisfactory way to build reporting around it, but my current thinking is that something pretty good could be born out of an Argus and L7-Filter hybrid with some burly post-processing to link, for example, top talkers with the applications their flows have matched.

___________________________________________________
Michael Hornung
UW Technology
hornung () washington edu
University of Washington

On Tue, 29 Jan 2008 at 10:50, Harris, Michael C. wrote:

|Any suggestions other than Snort or IPAudit for open source or freeware
|for monitoring and reporting (not in line blocking) of how bad the P2P
|problem is. Have any ideas on how best to collect the data to make the
|justification for purchasing Tipping point or Packeteer. Snort and
|IPAudit are fine for playing Whack-A-Mole with P2P by signature or by
|port, encryption forces this to a volumetric review but neither is any
|good for management reporting to quantify the severity of the problem.
|
|Mike
|
|----Original Message-----
|From: Youngquist, Jason R. [mailto:jryoungquist () CCIS EDU]
|Sent: Tuesday, January 29, 2008 8:50 AM
|To: SECURITY () LISTSERV EDUCAUSE EDU
|Subject: [SECURITY] classifying P2P traffic
|
|What devices are you using to monitor P2P traffic and how well are they
|working for you? Is there some P2P traffic that you believe your
|monitoring software isn't catching? I.e. encrypted traffic, outdated P2P
|definitions from the vendor, etc.