On 2/09/2011, at 8:36 AM, Glen Eustace wrote:
I would be interested in knowing how the various firewall products that claim to provide L7 filtering of P2P manage this. Apparently Fortinet (as an example) can even pick P2P when the connection is using TLS or SSL. Call me a skeptic but I am not sure how they can do this.
A lot of DPI engines include behavioral analysis of traffic now since most
The behavioral analysis is unfortunately still marketing talk with most DPI
technologies.
What most firewall vendors do is detect the headers they know are from P2P
applications and identify the traffic based on this. Detection of P2P over
SSL or TLS is actually detection of https encapsulated P2P traffic.
I don't think no one has got to detect the file names within P2P traffic
yet. But I'd really like to know if it's the case yet as I'm sure it will
happen some day.
Florent
On 2 Sep 2011 08:44, "Patrick Jordan-Smith"
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog