[nsp] NBAR, Gnutella and 'match protocol http url'

Matt Stevens matt at elevate.org
Mon Jun 30 09:49:46 EDT 2003


No thoughts on this from anyone?

Just thought I'd ping the list again, since it may have been overlooked by some.
--
matt


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Matt Stevens
> Sent: Wednesday, June 25, 2003 12:52 PM
> To: cisco-nsp at puck.nether.net
> Subject: [nsp] NBAR, Gnutella and 'match protocol http url'
> 
> 
> I'm doing some testing with NBAR - with the main goal of
> policing Fasttrack and Gnutella based P2P traffic.
> 
> It seems that the Kazaa2 PDLM does a pretty good job of recognizing
> Kazaa/Fasttrack and allowing it to be controlled. The Gnutella based traffic on
> the other hand seems to be relatively unaffected. The gnutella PDLM seems to be
> port-based and not able to track the connections when they use non-standard
> ports.
> 
> In the same vein trying to match gnutella traffic using 'match protocol http
> url' statements seems to have no effect, since matching url's also seems
> confined to traffic on port 80.
> 
> Is this what others have experienced as well?
> 
> The testing I'm doing is on a 2621 running 12.2(11)T8 with the kazaa2 pdlm added
> - since that's all that will fit in 64M RAM/16M Flash. Eventually this will be
> deployed on 7206VXR's. Have the PDLM's been improved any in newer releases - or
> am I seeing pretty much what one would expect?
> 
> Thanks for any insight you all can lend.
> --
> matt
> 
> 