Ripper
September 27, 2011, 9:43pm
1
Is there any guaranteed way to identify traffic as uTorrent and Skype?
Now I’m trying to do that through L7 rules, using these strings.
For uTorrent:
\x7F\xFF\xFF\xFF\xAB
Very little data is detected as uTorrent.
I added some extra strings to match more:
^(bittorrent protocol|azver$|get/scrape\?info_hash=)|d1:ad2:id20:|'7P\)[RP]
I think there is too much unnecessary stuff.
And for Skype:
[\xbc]
^...............
I think there is much unnecessary data.
Can anybody give me any advice on getting that right?
normis
September 28, 2011, 11:39am
2
I have heard that the latest uTorrent uses some new encryption, so older L7 rules will not work. It’s hard to block the new uTorrent; maybe you should work the other way: allow good traffic, apply speed limitation, and block unknown traffic. If a person stays within his speed limits, why should you block his torrent?
janisk
September 29, 2011, 10:58am
3
Just a note: there are legit uses of torrents. Some examples:
RouterOS download
different game distribution (e.g. World of Warcraft)
Linux distribution download
to name a few.
Ripper
September 29, 2011, 8:35pm
4
I don’t block; I need to set priority.
normis
September 30, 2011, 5:31am
5
In that case, do the opposite: identify good traffic, give it priority, then tag the rest of the traffic as low priority.
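
Added illustration, not part of any post in this thread: a Python comparison of payload-signature matching with the allow-list approach suggested above, showing that an encrypted handshake escapes the signature but still lands in the low-priority class. The pattern, the port list, the class names and the sample payloads are assumptions constructed for this example.

```python
import hashlib
import re

# Plaintext BitTorrent markers: the peer handshake starts with byte 0x13 and
# "BitTorrent protocol"; DHT queries are bencoded and contain "d1:ad2:id20:".
BT_PLAINTEXT = re.compile(rb"^\x13bittorrent protocol|d1:ad2:id20:", re.IGNORECASE)

# Hypothetical allow-list of "good" services: (protocol, destination port).
GOOD_SERVICES = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 25)}


def l7_match(payload: bytes) -> bool:
    """Signature approach: True only if a plaintext BitTorrent marker is present."""
    return BT_PLAINTEXT.search(payload) is not None


def classify(proto: str, dst_port: int) -> tuple:
    """Allow-list approach: known-good services get priority 1, the rest 8.

    The payload is never inspected, so encryption cannot change the result.
    Priorities follow the RouterOS queue scale (1 = highest, 8 = lowest).
    """
    if (proto, dst_port) in GOOD_SERVICES:
        return ("good", 1)
    return ("rest", 8)


# Constructed sample flows (not captured traffic): proto, dst port, first payload.
HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + b"H" * 20 + b"P" * 20
DHT_PING = b"d1:ad2:id20:" + b"N" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"
# Stand-in for an encrypted handshake: bytes with no recognisable structure.
ENCRYPTED = hashlib.sha256(b"constructed sample").digest() * 2
FLOWS = [
    ("tcp", 443, b"\x16\x03\x01", "TLS to a web server"),
    ("tcp", 51413, HANDSHAKE, "plaintext peer handshake"),
    ("udp", 6881, DHT_PING, "DHT ping"),
    ("tcp", 51413, ENCRYPTED, "encrypted peer handshake"),
]

if __name__ == "__main__":
    for proto, port, payload, note in FLOWS:
        print(f"{note:26} l7={l7_match(payload)!s:5} class={classify(proto, port)}")
```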