Hi all,
as a WISP, we are fighting our battle against P2P every day…
P2P is identified with mangle for ports different from the well-known ports (>1024) and redirected through a dedicated connection (MT default gateway).
A big problem is represented by P2P on port 80, like Rapidshare. This traffic is not identified as P2P, but is considered normal web traffic… a disaster!!!
Rapidshare has many servers around the Internet and new ones are added every day, so it is almost impossible to have an updated list of its servers' IP addresses to limit traffic to/from these IP addresses.
With the MT DNS client & cache http://www.mikrotik.com/testdocs/ros/2.9/ip/dnscache.php Rapidshare IP addresses will be stored (in the cache) every time they are requested by customers.
If it were possible to add these IP addresses to an MT address list dynamically (with a script), traffic to/from this address list would be mangled as P2P and the problem would be solved.
Could it be possible to write a script to do this? Any advice?
A very interesting option is ‘connection-bytes’ in firewall/mangle; it allows you to filter/mark/limit connections that exceed a specific limit (somehow determining which request is to open a web page and which is to download a file).
Yes sergejs,
this might be a solution, but to mangle a connection and establish limits for it (if port 80 is used), I do have to know its IP address to differentiate it from all the others, so DNS is back again…
I don’t want to limit users that download software from web sites (antivirus trials, updates, etc…) but I don’t want to give them the opportunity to download P2P files all day long from hosting sites like Rapidshare. So far only a small number of them have discovered this “Eldorado”, but as word gets around our Internet connection will be saturated by this type of download. Unfortunately for WISPs bandwidth is a very precious resource and must not be wasted…
I suppose that a script would be easier to write if the DNS cache information were available in a file (.txt or .csv); could this be possible?
Use a proxy to drop or lower the priority of downloads from rapidshare.com
Actually, to stop or prioritize file transfers on port 80, the way is to use a layer 7 classifier.
Regular expressions, good knowledge of C and some other types of packet marking are needed to do it better.
Hi tgrand,
this is already done (port < 1024) as described in my post.
The problem is that P2P on port 80 (file sharing hosting as Rapidshare) is identified (based on its port traffic) as normal http traffic instead of P2P…
Please note that Rapidshare traffic is normal http traffic on port 80, the same as “normal browsing” traffic.
The only difference is that files to be shared are stored on RapidShare servers.
Definitely, it is not P2P traffic but simply “P2P content”.
it doesn’t seem that cpresto understands what p2p is.
rapidshare is recognized as http precisely for the reason that it is http. p2p content? what’s that? I can put my work documents on rapidshare. it doesn’t mean that everything on rapidshare is pirated programs.
rapidshare is a regular file download from a www page over http. the same as when you download netinstall from http://www.mikrotik.com !
Probably I’ve not been clear enough…
From my post it should be clear that I perfectly understood that Rapidshare is normal http traffic, and this is exactly the problem !!!
I do refer to Rapidshare as P2P because it is used like this: with P2P you leave your PC on and download files 24h a day. This is ok if a “normal” P2P program is used, because traffic on these ports (> 1024) can be mangled and put into queues to be filtered.
With Rapidshare (and similar sites) this is not possible, because it is not P2P traffic, but simply http traffic… 24h a day at the maximum rate allowed for the customer that is using it: a disaster!!!
The only way (in my understanding) to identify this type of traffic is to identify Rapidshare servers, using DNS requests from customers: if a customer looks for “rs181l3.rapidshare.com” (please look @ my second reply to this post), the MT DNS proxy replies “195.122.131.182” and stores this entry in its cache.
Now I simply check the DNS cache entries every two/three days, and add Rapidshare addresses to an MT address list named “Rapidshare”: traffic to/from this address list is queued together with P2P traffic. I’m trying to understand if this process might be automated using a script.
Unfortunately it is not possible to identify Rapidshare traffic with the whole 195.0.0.0/8 network; 2^24-2 are too many servers even for Rapidshare, and for sure other normal web sites are hosted in this huge range.
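The cache-to-address-list step described above, automated as a RouterOS script; this is an added example, not code from the thread, and it assumes v3+ script syntax (the `where name~` filter and the `data` property of `/ip dns cache` entries; older builds expose `address` instead, and the 2.9 syntax of the original thread differs), with `Rapidshare` and `p2p` as placeholder list and mark names.

```routeros
# Added example (not from the thread). Assumes RouterOS v3+ scripting;
# on builds where /ip dns cache exposes "address" instead of "data",
# change the property name below. "Rapidshare" and "p2p" are placeholders.
:local listName "Rapidshare"
:local pattern "rapidshare"
:local added 0

# Walk the resolver cache and collect every entry whose name matches.
:foreach entry in=[/ip dns cache find where name~$pattern] do={
    :local host [/ip dns cache get $entry name]
    :local addr [/ip dns cache get $entry data]
    # Keep only IPv4 answers; CNAME/AAAA records also land in the cache.
    :if ([:typeof [:toip $addr]] = "ip") do={
        # Add once per address; the timeout lets IPs that Rapidshare
        # stops using expire instead of accumulating in the list.
        :if ([:len [/ip firewall address-list find where list=$listName and address=$addr]] = 0) do={
            /ip firewall address-list add list=$listName address=$addr comment=$host timeout=3d
            :set added ($added + 1)
        }
    }
}
:log info ("rapidshare-sync: added " . $added . " address(es) to " . $listName)

# One-time setup, run from the terminal (shown as comments for context):
# the mangle rules mark both directions so the queues already used for
# P2P pick the traffic up, and the scheduler re-runs the sync hourly.
# /system script add name=rapidshare-sync source=<the script above>
# /system scheduler add name=rapidshare-sync interval=1h on-event=rapidshare-sync
# /ip firewall mangle add chain=prerouting dst-address-list=Rapidshare \
#     action=mark-connection new-connection-mark=p2p passthrough=yes
# /ip firewall mangle add chain=prerouting src-address-list=Rapidshare \
#     action=mark-connection new-connection-mark=p2p passthrough=yes
```

The script only sees names that customers actually resolved through the router's DNS cache, so clients configured with an external resolver bypass it; checking the address-list comments after a few runs shows which hostnames were caught.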
Yes,
you can download files one by one from Rapidshare but, due to their nature (software, porno video,…) customers spend hours a day downloading files.
Burst limitations might be a solution, but IP server identification is necessary as well, otherwise this will be applied to other web downloads too. Blocking it entirely is not a (polite) solution.