Educause Security Discussion mailing list archives
Re: Do you block P2P ?
From: Cal Frye <cjf () CALFRYE COM>
Date: Thu, 3 Sep 2009 23:35:33 -0400
David Gillett wrote:
Skype resembles P2P technology in two key ways: in its making multiple overlapping/simultaneous connections to remote machines that appear more likely to be end-user clients than servers, and in its design assumption that network management is the enemy of the application and its users.
In our experience, the bulk of these connections are small, updating the online status of folks in one's "buddy list." 'Tis true, this can create hundreds of connections from a single client, but the bandwidth consumption remains pretty small, actually. At Oberlin, the academic use outweighs the difficulty of not only managing but protecting the traffic. Your policies, of course, may well vary. The supernode phenomenon can be limited both by one's bandwidth manager and in the Skype setup itself.
Without spending significant money on protocol-analysis boxes that can distinguish between them, it is really hard to block one and permit the other.
I don't have the bandwidth available to operate /without/ a DPI box. We feel it very important to be able to distinguish the important applications from the unwanted on better characterization than simple flow control or connection counts. Our Packetlogic setup still cost us less than the cost of another DS3, and the ongoing cost is far less. What I cannot do, and don't want to get into the business of doing, is differentiating BitTorrent downloads based on copyright or web browsing based on content... -- Celebrating the 150th anniversary of the publication of the Origin of Species. -- Cal Frye, Network Administrator, Oberlin College Mudd Library, x.56930 -- CIT will NEVER ask you for your password! www.calfrye.com, www.pitalabs.com "si duae res sufficient ad ejus veritatem, superfluum est ponere aliam tertiam rem" --William of Ockham (1285-1349)
Current thread:
- Re: Do you block P2P ?, (continued)
- Re: Do you block P2P ? David Gillett (Sep 03)
- Re: Do you block P2P ? Mclaughlin, Kevin (mclaugkl) (Sep 03)
- Re: Do you block P2P ? randy marchany (Sep 03)
- Re: Do you block P2P ? Brian Epstein (Sep 03)
- Re: Do you block P2P ? Cal Frye (Sep 03)
- Re: Do you block P2P ? Kevin Wilcox (Sep 03)
- Re: Do you block P2P ? Guy Pace (Sep 03)
- Re: Do you block P2P ? Todd Humphreys (Sep 03)
- Re: Do you block P2P ? David Gillett (Sep 03)
- Re: Do you block P2P ? Plesco, Todd (Sep 03)
- Re: Do you block P2P ? Cal Frye (Sep 03)
- Re: Do you block P2P ? Mike Porter (Sep 03)
- Re: Do you block P2P ? Wayne Bullock (Sep 04)
- Re: Do you block P2P ? Barros, Jacob (Sep 04)
- Re: Do you block P2P ? Doty, Timothy T. (Sep 04)
- Re: Do you block P2P ? Mike Porter (Sep 04)
- Re: Do you block P2P ? Avdagic, Indir (Sep 04)
- Re: Do you block P2P ? Sweeny, Jonny (Sep 04)
- Re: Do you block P2P ? Gary Flynn (Sep 04)
- Re: Do you block P2P ? Bob Bayn (Sep 04)
- Re: Do you block P2P ? Gregg, Christopher S. (Sep 04)
(Thread continues...)