Kazaa! iptables table sizes and performance

From: Chris Lowth (dont_at_want.spam)
Date: 05/09/03


Date: Fri, 09 May 2003 15:56:15 +0100

I am working on an iptables module for Kazaa blocking, based on an 'adaptive'
approach - whereby I create REJECT rules for IP/port number pairs as the
module identifies them as being Kazaa servers.

It works fine, but I am fairly quickly creating quite a lot of rules - so
was wondering what the limits are, in terms of max number of rules that can
be created and the impact of very large rule sets on performance.

Does anyone have any 'real-life' experience of rule sets running into the
thousands of rules? If so - do you notice much in the way of a performance
hit?

Someone will ask (I would have done!): 'why not use the iptables "string"
module?' - well it's because it isn't enough to safely identify a
Kazaa packet simply by the existence of a string - web pages or ftp
transfers with the same string can also be blocked - and I am after 'safe'
blocking - I don't accept the risk of blocking non-Kazaa traffic in my
attempt to block Kazaa.

Thanks.

Chris

-- 
Real address: chris at lowth dot sea oh em.
GPL e-mail anti-virus: http://protector.sourceforge.net
IPTables wizzards: http://www.lowth.com/LinWiz

