P2P detecion

rastod · January 2, 2006, 3:10pm

Hello,

I think that very high part of P2P is using http protocol and is not detected by mikrotik.
Is it possible?
Will mikrotik prepare some actualization of detection enginee?

telephone29 · January 4, 2006, 5:25am

what is not detected? which p2p uses http protocol?

normis · January 4, 2006, 7:44am

as far as we know, all most popular p2p programs are detectable by mikrotik routeros. if you have specific programs that are not detectable, let us know which

hecklertm · January 4, 2006, 7:51am

I know that Kazaa Klite can communicate over port 80, but I probaly tries its default ports first, which you could then identify who is using it through the log of a firewall filter.

normis · January 4, 2006, 8:03am

it doesn’t matter what ports the p2p softwares use, we detect in more clever ways, by analysing the packet content

hecklertm · January 4, 2006, 8:07am

Well, it is reasons like that which has us all using MT

cyb.0rg · January 5, 2006, 12:06am

Dear normis, i know (100% and it was checked many times) that firewall don’t stop p2p bit-torrent traffic
No mistakes! I used different rules, of course drop all-p2p in forward rule, mangle bit-torrent and drop it in rules etc , and after rebooting the same picture -firewall don’t stop bit ttorent traffic…

ver 2.9.6
any ideas ?

normis · January 5, 2006, 6:55am

we also checked and bit torrent IS BEING detected. show us your rules and how did you determine that it is NOT blocked? be sure that already established connections will not be dropped, only new ones.

hecklertm · January 5, 2006, 7:01am

I checked and it works on for me using 2.9.10.

miroxy · January 12, 2006, 11:40pm

Its working in 2.9.6 too, I suggest cyb.0rg to recheck firewall rules

djape · January 13, 2006, 12:55pm

Bit torrent adn all major p2p softwares are being blocked, but Ares and some unknown (I’ll call the customer to ask what is he using) is not being droped.

Cheers all…

HarvSki · January 13, 2006, 1:41pm

I’ve seen BIT TORRENT using port 443, I’m not sure if it is implemeting SSL though if it is then surely MT cannot detect it?

normis · January 13, 2006, 1:49pm

it does NOT matter what ports any P2P software uses. we detect it more advanced, by traffic and packet structure. I am almost certain that they do not use any kind of encryption on their traffic, so don’t worry

HarvSki · January 13, 2006, 1:54pm

That is reassuring, I know it doesn’t matter which port I’ve seen the p2p try all sorts and the MT just marks it, hahahahahaha

yancho · January 13, 2006, 3:16pm

Maybe we should start worry:

YazzY · January 13, 2006, 4:34pm

Just as a side note, you’d lose me as customer the moment you tyrannize me saying what I can and cannot use.
Have a nice weekend

Diganet · January 15, 2006, 9:10pm

Normis, it really could be nice if we could implement our own patterns in the same way as you guys detect P2P.. Protocols like SIP are very needed where i am and i could do a lot more in the market if i was able to queue that kind of traffic.

Regards

Henrik

skordan · January 20, 2006, 11:11am

I see the same the bit komet is working all day (i have p2p blocked from 6am to 11 pm) mayby is the problem with “…already established connections will not be dropped, only new ones.” but what can we doing in such situation ? limiting connections per user ?

Hugh_Hartman · January 21, 2006, 11:33am

Yes- I limit the connection time and the number of connections..

djape · January 22, 2006, 11:26am

@skordan

Do script that will reboot router 6 am and after that all p2p will be droped. Nobody will complain for 30 sec pause in the morning

Cheers…