[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Removal of IP

To: <sfolayan at skannet.com.ng>, afnog at afnog.org
Subject: Re: Removal of IP
From: John Tully <tully at mikrotik.com>
Date: Tue, 06 May 2003 16:04:58 +0300
Content-Type: text/plain; charset="us-ascii"; format=flowed
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: afnog-outgoing at afnog.org
Delivered-To: afnog at afnog.org
In-Reply-To: <Pine.LNX.4.30.0305061256590.8995-100000 at pop.skannet.com>
References: <200305061117.h46BHJE01706 at localhost.localdomain>
Sender: owner-afnog at afnog.org


We are making a "smart" content filter in our newest version of RouterOS 
v2.7.  Currently, you can find a string in any connection and then filter 
it or bandwidth shape it.  Mainly, this is being made for controlling P2P 
servers (Kazaa, MP3 trading...) set up on clients computers.  Our newer 
"smart" content and bandwidth control features will allow you to make a 
"signature" that could include several things that have to be in a packet 
-- such as a string at a certain location or a certain string and not 
another expected string.  "Signatures" could be made to recognize 
connections that are transmitting spam, which can then be dropped or 
bandwidth shaped (or logged).  To make a signature for 419, it would 
require some analysis but it sounds possible, as most spam has certain 
properties.

To be fair, Cisco has NBAR but it you can't make the "signature" files and 
the CPU power is quite limited -- you can only download them from Cisco and 
I don't know that they will make special 419 files.  Anyway, it would be 
nice to be able to make your own as things are changing so fast.

The new P2P control might be a very interesting topic for AFNOG as I know 
that bandwidth expenses in Africa are very high -- and you need to make 
sure that it is being used efficiently.  What I have described here is just 
a touch of what can be done with the "smart" content filter and also there 
will be extensive ways to set the speeds for the P2P traffic you find (or 
drop the traffic).

Please comment on how important (or non-important) a P2P bandwidth control 
seminar would be at the Afnog 2003.

John
www.mikrotik.com



At 12:57 PM 5/6/2003 +0100, you wrote:
>We do react. Please see my mail on the steps we take.
>
>Sunday.
>
>On Tue, 6 May 2003, ALAIN PATRICK AINA wrote:
>
> > Date: Tue, 6 May 2003 11:17:08 +0000
> > From: ALAIN PATRICK AINA <aalain at trstech.net>
> > To: sfolayan at skannet.com.ng, Brian Candler <B.Candler at pobox.com>
> > Cc: afnog at afnog.org
> > Subject: Re: Removal of IP
> >
> >
> >
> > > As Fisayo and others have written in previous posts, it is not as easy as
> > > it seems.
> >
> > But  you  have to face the case. It is the same situation when corrupted or
> > hacked machines from your IP block scan ports on other networks.
> > If you don't react, your whole block get locked.
> >
> >
> > --alain
>
>
>
>-----
>This is the afnog mailing list, managed by Majordomo 1.94.5
>
>To send a message to this list, e-mail afnog at afnog.org
>To send a request to majordomo, e-mail majordomo at afnog.org and put
>your request in the body of the message (i.e use "help" for help)
>
>This list is maintained by owner-afnog at afnog.org


-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org

References:
- Re: Removal of IP
  - From: ALAIN PATRICK AINA <aalain at trstech.net>
- Re: Removal of IP
  - From: Sunday Folayan <sfolayan at skannet.com.ng>

Prev by Date: RE: Removal of IP
Next by Date: RE: Removal of IP
Prev by thread: Re: Removal of IP
Next by thread: Re: Removal of IP
Index(es):
- Date
- Thread