[fw-wiz] QoS and P2P?

From: Paul Robertson (proberts@patriot.net)
Date: 11/04/02

From: Paul Robertson <proberts@patriot.net>
To: firewall-wizards@honor.icsalabs.com
Date: Mon Nov  4 13:40:02 2002

It looks like Cisco has some interesting-ish QoS feature called "Network
Based Application Recognition," or NBAR- which works on 75xx routers with
VIP cards and maybe 72xx models- but I also see a note about 2600 and 3600
series router support (yes, I saw the switch stuff too, folks are more
likely to have the routers IMO.)

What's interesting to me about this feature is how the ISPs who are
blocking P2P software such as Kazaa, Gnutella, Morpheus, Grokster, iMesh
and Napster may be using this.

There are modules that are available on CCO (requires a CCO
password) for this, so I'm wondering if anyone's been using this feature
in production (especially if it'd work for P2P blocking on the 26xx and
36xx series routers that a lot of places already have installed) and if
anyone has any information about what signatures are in the modules to
recognize the protocols.

It'd be nice to have a P2P blocking option that doesn't require any
additional purchases for folks who're experiencing performance, security,
or legal issues with these protocols.

Outside operational experience, I'd appreciate a list of other things that
do this (off list and I'll summarize.) I've been discounting QoS as a
service option for a lot of years, so I only recently started looking into
this as a way to do interesting content-based network control.


Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
