Educause Security Discussion mailing list archives

Re: classifying P2P traffic


From: Michael Hornung <hornung () WASHINGTON EDU>
Date: Tue, 29 Jan 2008 09:06:20 -0800

I've looked at L7-Filter (http://l7-filter.sourceforge.net/) and it is an
interesting approach.  I have not found a really satisfactory way to build
reporting around it, but my current thinking is that something pretty good
could be born out of an Argus and L7-Filter hybrid with some burly
post-processing to link, for example, top talkers with the applications
their flows have matched.

___________________________________________________
 Michael Hornung          UW Technology
 hornung () washington edu   University of Washington

On Tue, 29 Jan 2008 at 10:50, Harris, Michael C. wrote:

|Any suggestions other than Snort or IPAudit for open source or freeware
|for monitoring and reporting (not inline blocking) of how bad the P2P
|problem is? Have any ideas on how best to collect the data to make the
|justification for purchasing TippingPoint or Packeteer? Snort and
|IPAudit are fine for playing Whack-A-Mole with P2P by signature or by
|port; encryption forces this to a volumetric review, but neither is any
|good for management reporting to quantify the severity of the problem.
|
|Mike
|
|----Original Message-----
|From: Youngquist, Jason R. [mailto:jryoungquist () CCIS EDU]
|Sent: Tuesday, January 29, 2008 8:50 AM
|To: SECURITY () LISTSERV EDUCAUSE EDU
|Subject: [SECURITY] classifying P2P traffic
|
|What devices are you using to monitor P2P traffic and how well are they
|working for you?  Is there some P2P traffic that you believe your
|monitoring software isn't catching?  I.e., encrypted traffic, outdated P2P
|definitions from the vendor, etc.
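
An added example, not part of the original messages or of either project: one shape the post-processing described in the reply at the top could take, joining per-flow byte counts to per-connection application labels and ranking top talkers. The CSV layouts, addresses and labels are constructed for illustration and are not the native output of Argus or L7-Filter.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data. Column layouts are assumptions for this example,
# not the native output of Argus or L7-Filter.
FLOWS_CSV = """saddr,sport,daddr,dport,proto,bytes
10.1.1.5,51234,192.0.2.10,6881,tcp,48000000
10.1.1.5,51240,198.51.100.7,443,tcp,2000000
10.1.1.9,40000,203.0.113.4,4662,tcp,31000000
10.1.1.9,40010,203.0.113.8,50321,tcp,90000000
10.1.1.7,33000,198.51.100.7,80,tcp,500000
"""
LABELS_CSV = """saddr,sport,daddr,dport,proto,app
192.0.2.10,6881,10.1.1.5,51234,tcp,bittorrent
10.1.1.5,51240,198.51.100.7,443,tcp,ssl
10.1.1.9,40000,203.0.113.4,4662,tcp,edonkey
10.1.1.7,33000,198.51.100.7,80,tcp,http
"""

def flow_key(row):
    """Direction-independent 5-tuple, so a label recorded on the reply
    direction still matches the flow record."""
    a = (row["saddr"], int(row["sport"]))
    b = (row["daddr"], int(row["dport"]))
    return (row["proto"].lower(),) + tuple(sorted((a, b)))

def load_labels(text):
    return {flow_key(r): r["app"] for r in csv.DictReader(io.StringIO(text))}

def top_talkers(flows_text, labels, n=10):
    """Return [(host, total_bytes, {app: bytes})], largest first.
    Bytes are attributed to the flow's source address (an assumption)."""
    per_host = defaultdict(lambda: defaultdict(int))
    for r in csv.DictReader(io.StringIO(flows_text)):
        # Flows with no classifier match (e.g. encrypted P2P) are kept
        # as "unclassified" so their volume still shows in the report.
        app = labels.get(flow_key(r), "unclassified")
        per_host[r["saddr"]][app] += int(r["bytes"])
    ranked = sorted(per_host.items(), key=lambda kv: -sum(kv[1].values()))
    return [(h, sum(a.values()), dict(a)) for h, a in ranked[:n]]

if __name__ == "__main__":
    for host, total, apps in top_talkers(FLOWS_CSV, load_labels(LABELS_CSV)):
        breakdown = ", ".join(f"{k}={v}" for k, v in sorted(apps.items()))
        print(f"{host:12} {total:>12}  {breakdown}")
```

In the sample data the largest talker's traffic is mostly "unclassified", which is the volumetric signal left once payload matching fails.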
