|
Thread Index [isp-wireless] RE: P2P blocking and Mikrotik
Anyone else interested, please contact me off the list. Mike ----- Original Message ----- From: "Travis Johnson" <tlj@ida.net> To: <isp-wireless@isp-wireless.com> Sent: Thursday, October 30, 2003 5:22 PM Subject: [isp-wireless] RE: P2P blocking and Mikrotik | Hi, | | Care to share those three lines of code? :) | | Travis | Microserv | | Michael Bell wrote: | | > We are doing Layer-7 protocol analysis and filtering using Cisco 7000 series | > routers. Since we run an entire Cisco network (please note that my original | > response was to the P2P filtering issue, not Mikrotik specific) it only | > seemed appropriate to use Cisco filtering. | > | > All I can say is that this WORKS. There are no 2 ways about it. The Cisco | > solution is by far the best ISP-ready solution available. I say this from | > experience. We provide networking for several colleges and private schools | > so we do the kind of traffic that would be an ideal case study for this type | > of technology. In the past year, we have tried 5 different solutions and the | > only one that could handle a ATM backbone circuit without falling over dead | > was the Cisco. | > | > We can identify traffic on a per protocol (not port/address) basis which | > even the most sneaky P2P application cannot spoof. Our match rate is over | > 90% with 0% false positives. What this means is that out of all our traffic, | > 90% is identified properly with the remaining 10% being classified as | > 'unknown'. If it identifies a packet of type FTP or KaZaA for example, it is | > ALWAYS an FTP or KaZaA packet. | > | > This type of filtering is the EXACT same thing that cable companies are | > putting into place nation wide. Here in Mass, Our local cable company is | > putting caps on the kazaa downloads and uploads using this type of filter | > but because it only effects that application, web browsing and email are | > totally unaffected. Although they are not admitting to doing this, we have | > confirmed via actual trials that this is indeed what is going on. The trick | > is to figure out what a good speed ratio is and cater to that figure. For | > us, the 1k/s per person is perfectly acceptable since it doesn't impact | > downloading. Less then that would affect search packets and thus be noticed. | > | > And here is the kicker, all that was necessary to start filtering our | > traffic was THREE LINES in the config. With that, every packet that goes in | > or out of our network is protocol tagged and we can do what we want with | > them. | > | > Mike | > | > ----- Original Message ----- | > From: "Bob Ross" <br@kingmanaz.net> | > To: <isp-wireless@isp-wireless.com> | > Sent: Thursday, October 30, 2003 4:01 PM | > Subject: [isp-wireless] RE: P2P blocking and Mikrotik | > | > | 1K/Sec ? | > | | > | I could only get my outbound to only go to 10K before it didn't work at | > all | > | with the TT CPE-AP. | > | | > | I don't see how it works with that. Someone sends a long email 20-30K they | > | will call because their email is hanging. | > | | > | Got a little more info on this to what your doing to fight the P2P? | > | | > | Thanks | > | Bob | > | | > | +++++++++++++++++++++++++++++++ | > | As Seen on The Discovery Channel | > | September & October 2002 !!! - Our | > | Wireless Service Received National | > | Recognition !!! | > | | > | Also Used by the following: | > | | > | VH1-Classic - South Dakota Event | > | Siemens Westing House (Power Plant People) | > | Kiewit Construction (Route 68 Build) | > | Las Vegas Band "Slaughter" | > | The Jethro Tull Band | > | Cast of major motion picture "21 Grams" | > | | > | 928-718-1781 | > | | > | Mail filter key: 86gjk985sxbnljguyl765gfjmkj65frjoh54fdbn0 | > | | > | ----- Original Message ----- | > | From: "Michael Bell" <mikeb-lists@map.com> | > | To: <isp-wireless@isp-wireless.com> | > | Sent: Thursday, October 30, 2003 1:02 PM | > | Subject: [isp-wireless] RE: P2P blocking and Mikrotik | > | | > | | > | > It has been our experience that 99% of the trouble that P2P networks | > cause | > | > is due to outgoing traffic. We have gotten numerous complaints from | > | > customers stating that ever since they got wireless, their computers are | > | > running very slow. EVERY ONE of them was due to having everybody in the | > | > world download from their computer as fast as it can dish it out. The | > RIAA | > | > isn't truly concerned with people downloading the music, they're | > concerned | > | > with people distributing the music. You eliminate people from | > distributing | > | > it, you eliminate people downloading it. | > | > | > | > We have been successfully filtering OUTGOING P2P traffic for over 2 | > months | > | > now and have not had a single complaint. Downloads are just as fast as | > | > before, uploads are just throttled back to 1k/sec. Now the few customers | > | on | > | > our network who believe in the P2P ideals and want to share their music | > | with | > | > the rest of the world, we point them to our TOS which states "no servers | > | > allowed on residential connections" and offer them the business | > | connection. | > | > Never once did we receive a request to switch. Most people have this | > idea | > | > that the Internet is free. It isn't. WE have to pay for the bandwidth | > and | > | > quite frankly, if I have customers complaining about their download | > speeds | > | > due to the 5+ times more outgoing traffic filling the lines, P2P is the | > | > first to go. 8MB/s out vs 2MB/s in is a serious problem regardless of | > how | > | > you look at it. | > | > | > | > Mike | > | > | > | > | > | > | > | > ----- Original Message ----- | > | > From: "Bryan Clark" <bryan@eburg.com> | > | > To: <isp-wireless@isp-wireless.com> | > | > Sent: Thursday, October 30, 2003 2:35 PM | > | > Subject: [isp-wireless] RE: P2P blocking and Mikrotik | > | > | > | > | > | > | Is this P2P blocking feature only available in the 2.8 beta version | > | > | right now? And if not... how do I get in on this action? :) | > | > | | > | > | Gino Villarini wrote: | > | > | | > | > | >we just installed this yesterday too... but we are not blocking p2p, | > we | > | > just | > | > | >gave them a 100 kbps for all to share! they wouldnt know the diff, | > | > because | > | > | >they think the place they're downloading from is slow! | > | > | > | > | > | >Gino | > | > | > | > | > | >-----Original Message----- | > | > | >From: Erik Stave [mailto:erik@pfbiz.com] | > | > | >Sent: Thursday, October 30, 2003 3:05 PM | > | > | >To: isp-wireless@isp-wireless.com | > | > | >Subject: [isp-wireless] P2P blocking and Mikrotik | > | > | > | > | > | > | > | > | >Last week I installed a Mikrotik 2.8beta box configured as a bridge | > | > | >after the router. We are blocking P2P file sharing and the results | > have | > | > | >been very entertaining. People will not actually call up and tell you | > | > | >that Kazaa is not working. It is the "Internet" has stopped | > working... | > | > | >Or I cannot get to the sites that I need. | > | > | > | > | > | >We have had one customer cancel... Traffic during the daytime has | > | > | >remained the same essentially, but evening and weekend traffic is | > | 25-30% | > | > | >lower. | > | > | > | > | > | > | > | > | >Erik Stave | > | > | >VP/CTO | > | > | >erik@pfbiz.com | > | > | >Prairie Fire Communications | > | > | >140 N Phillips, Suite 404 | > | > | >Sioux Falls, SD 57104 | > | > | > | > | > | > | > | > | >I've stopped 3,677 spam messages. You can too! | > | > | >One month FREE spam protection at | > http://www.cloudmark.com/spamnetsig/ | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | > | | > | > | | > | > | | > | > | | > | > | | > | > | | > | > | > | > | > | > | > | > | > | | > | | > | | > | | > | | | |
Thread Index |
|
