The behavioral analysis is unfortunately still marketing talk with most DPI technologies.
What most firewall vendors do is detect the headers they know are from P2P applications and identify the traffic based on this. Detection of P2P over SSL or TLS is actually detection of HTTPS-encapsulated P2P traffic.
I don't think anyone has got to detect the file names within P2P traffic yet. But I'd really like to know if it's the case yet, as I'm sure it will happen some day.
Florent
On 2 Sep 2011 08:44, "Patrick Jordan-Smith" <pat@vocus.com.au> wrote:
> On 2/09/2011, at 8:36 AM, Glen Eustace wrote:
>
>> I would be interested in knowing how the various firewall products that claim to provide L7 filtering of P2P manage this. Apparently Fortinet (as an example) can even pick P2P when the connection is using TLS or SSL. Call me a skeptic but I am not sure how they can do this.
>
> A lot of DPI engines include behavioral analysis of traffic now; since most protocols follow a predictable behavior, it allows them to identify what flows are with reasonable certainty without actually looking in the packets.
>
>
> _______________________________________________
> NZNOG mailing list
> NZNOG@list.waikato.ac.nz
> http://list.waikato.ac.nz/mailman/listinfo/nznog