www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

Slowing down p2p traffic with L7 or other methods

 
cozzi@nd.edu



Joined: 01 Apr 2008
Posts: 10

Posted: Tue Apr 01, 2008 4:07 pm    Post subject: Slowing down p2p traffic with L7 or other methods

I have an Intel box with two gigabit interfaces. ETH1 on the
outside and ETH0 on the inside. No iptables rules have been
applied. I am using version 1.0 beta9 from a CD image and
database on a USB flash device.

Intentionally I have set up a system on the inside with BitTorrent
v 6.0.3 running on Windows XP.

Right now I am trying to understand how to limit the uploading
(outbound) traffic from this system via the classifier rules.
Next will be the downloading issue.
For example:
MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto bittorrent MARK set 0x10
OR:
MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 ipp2p v0.8.2 --bit MARK set 0x10

Basically, I want to “slow down” anything p2p or in this case
BitTorrent. However, the QoS class manager has 50kb/s set for this
classification, yet the BitTorrent system is eating up all the bandwidth.

Any idea how to do this?

Thanks for any help

--marc
cozzi@nd.edu



Joined: 01 Apr 2008
Posts: 10

Posted: Tue Apr 01, 2008 10:38 pm    Post subject:

I should add to this that the BitTorrent client
is NOT encrypted.

thanks
aeronet



Joined: 15 Jan 2008
Posts: 13
Location: Venezuela

Posted: Sun Apr 06, 2008 11:39 pm    Post subject: P2P traffic.

I also have the same problem. Don't know how to slow down BitTorrent. I will appreciate some help.
AtroposX



Joined: 26 Nov 2008
Posts: 158
Location: USA

Posted: Fri Nov 06, 2009 9:29 pm    Post subject:

This p2p is always going to be a pain. P2p will always advance and create new ways to avoid shaping. Layer 7 can only do so much but is based on static principles. The new generation will need and have to be bandwidth arbitration. A real-time way to see concurrent connections/sec, traffic usage down and up, destination hosts, and give it the lowest priority.

So far, ZEROSHELL has been, THE ONLY, only open-source software/hardware based piece to come close to doing this, THANK YOU FULVIO FROM THE BOTTOM OF MY HEART, ... that I know of...

Again p2p will always come up with new ways, and have a default of encryption from now on, especially now since bittorrent/utorrent 2.0 (torrentfreak) is coming out, and cause issues for everyone. But... if this helps...

I've found the best way to find the most active host(s) on a network is with NTOP first, then iptraf, whichever you'd like if that helps. Then apply a pipe or class in ZS* with DSCP of 0 w/ BE, 0BE, to give lowest priority. Then make a classifier for that pipe with the port in question, apply the DSCP with 0BE and the class specified.

I've found, if this helps, on a bridge NIC ZS box... A bridged NIC, Wan - LAN, the LAN NIC is the destination IP/mask on the classifier, and for the download, the upload will be the source/ip range. I found that to be quick, yet, confusing at first.

Again p2p will always port hop and such, but until something comes by to almost AI (Artificial Intelligence) its way, to see mass connections on obscure connections, random port hops, and judge what to do by itself, we will need ZS, NTOP, and IPTRAF!!!

On a side note, Google OSSIM, for an open-source OSSIM (Open Source Security Information Management). This software will use bleeding edge snort rules, THANK YOU FULVIO FOR IMPLEMENTING SNORT, to see what I have found on an ISP, "DHT P2P", and "P2P downloading" signatures daily. If there was only a way to implement a way into ZS a way to deny, or such, these signatures, that would be another way to balance bandwidth, and have p2p co-exist.

I know p2p is evil-yet-good, but it looks like it is here to stay, and we should find a way to co-exist, with some kind of balance.

I use a dual 2.6 xeon, 4-core, and snort is quite high, around 80% with 4 gigs of ram... Though quite high, but insanely quite worth it... considering...

That'd be great if there was a way to include snort into the GUI, such as with the Command Line Interface of... "http://samiux.wordpress.com/2008/12/05/howto-intrusion-prevention-system-ips-with-zeroshell-easyids-and-guardian/"

This way you could drop anything that is seen as DHT or P2P... hmmm..!!!
DELETED
Guest





Posted: Tue Nov 17, 2009 9:48 am    Post subject: Re: P2P traffic.

DELETED
krishnaraj



Joined: 28 Mar 2014
Posts: 2

Posted: Fri Mar 28, 2014 6:19 pm    Post subject: P2P Issue

I tried what you have said but still it didn't work. If this works fine then guys I will tell Zeroshell is the best I have ever worked with. Thanks ZS team for a wonderful work.

AtroposX wrote:
This p2p is always going to be a pain. P2p will always advance and create new ways to avoid shaping. Layer 7 can only do so much but is based on static principles. The new generation will need and have to be bandwidth arbitration. A real-time way to see concurrent connections/sec, traffic usage down and up, destination hosts, and give it the lowest priority.

So far, ZEROSHELL has been, THE ONLY, only open-source software/hardware based piece to come close to doing this, THANK YOU FULVIO FROM THE BOTTOM OF MY HEART, ... that I know of...

Again p2p will always come up with new ways, and have a default of encryption from now on, especially now since bittorrent/utorrent 2.0 (torrentfreak) is coming out, and cause issues for everyone. But... if this helps...

I've found the best way to find the most active host(s) on a network is with NTOP first, then iptraf, whichever you'd like if that helps. Then apply a pipe or class in ZS* with DSCP of 0 w/ BE, 0BE, to give lowest priority. Then make a classifier for that pipe with the port in question, apply the DSCP with 0BE and the class specified.

I've found, if this helps, on a bridge NIC ZS box... A bridged NIC, Wan - LAN, the LAN NIC is the destination IP/mask on the classifier, and for the download, the upload will be the source/ip range. I found that to be quick, yet, confusing at first.

Again p2p will always port hop and such, but until something comes by to almost AI (Artificial Intelligence) its way, to see mass connections on obscure connections, random port hops, and judge what to do by itself, we will need ZS, NTOP, and IPTRAF!!!

On a side note, Google OSSIM, for an open-source OSSIM (Open Source Security Information Management). This software will use bleeding edge snort rules, THANK YOU FULVIO FOR IMPLEMENTING SNORT, to see what I have found on an ISP, "DHT P2P", and "P2P downloading" signatures daily. If there was only a way to implement a way into ZS a way to deny, or such, these signatures, that would be another way to balance bandwidth, and have p2p co-exist.

I know p2p is evil-yet-good, but it looks like it is here to stay, and we should find a way to co-exist, with some kind of balance.

I use a dual 2.6 xeon, 4-core, and snort is quite high, around 80% with 4 gigs of ram... Though quite high, but insanely quite worth it... considering...

That'd be great if there was a way to include snort into the GUI, such as with the Command Line Interface of... "http://samiux.wordpress.com/2008/12/05/howto-intrusion-prevention-system-ips-with-zeroshell-easyids-and-guardian/"

This way you could drop anything that is seen as DHT or P2P... hmmm..!!!
janmoys



Joined: 03 Oct 2015
Posts: 4

Posted: Sat Oct 03, 2015 3:04 am    Post subject: Zeroshell to block streaming website

DROP all -- 192.168.2.94 anywhere LAYER7 l7proto rtp
DROP all -- 192.168.2.94 anywhere LAYER7 l7proto pplive
DROP all -- 192.168.2.94 anywhere LAYER7 l7proto quicktime
DROP all -- 192.168.2.94 anywhere LAYER7 l7proto rtsp
DROP all -- 192.168.2.94 anywhere LAYER7 l7proto http-rtsp
DROP all -- 192.168.2.94 anywhere LAYER7 l7proto httpvideo


I have this to block any video streaming website on a certain IP address, but it does not block any streaming website. Kindly help. Thanks. I'm using Zeroshell Release 3.0.0. Thanks.
gordonf



Joined: 26 Feb 2012
Posts: 89

Posted: Tue Oct 06, 2015 12:17 pm    Post subject: Bringing this back on topic...

This older discussion brings up a question on throttling in general.

If P2P software insists on being all cloak-and-dagger-y to evade Layer 7 filters, how about throttling based on source IP instead? "Well my son/daughter, if you insist on running BitTorrent you can suffer with dial-up speeds for everything. And that includes YouTube."

Yes this is me being the evil ISP. Too bad: This is my network.

The trick would be finding out where the threshold is. Streaming a YouTube video at 1080p 60fps or watching some 2 hour movie in HD on Netflix would ideally not trip the throttle. And if that means P2P would throttle itself in order to avoid tripping the router throttle, then I've succeeded.

How would I go about this in ZS 3?
--
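The per-host view AtroposX describes (connections, traffic up and down, destination hosts) and the source-IP throttle with a threshold that streaming should not trip, which gordonf asks about, can be sketched as one check. This is an added example, not code from the thread or from Zeroshell. The flow-record format, sample data, thresholds and function names are constructed assumptions; the MARK rules use generic iptables syntax and reuse the 0x10 mark from the first post.

```python
from collections import defaultdict

# Constructed flow records, not data from the thread:
# (src_ip, dst_ip, dst_port, bytes_up, bytes_down) for one sampling window.
def sample_flows():
    flows = [
        # HD streaming: two CDN endpoints, large download, almost no upload.
        ("192.168.2.10", "198.51.100.7", 443, 2_000_000, 900_000_000),
        ("192.168.2.10", "198.51.100.8", 443, 1_000_000, 400_000_000),
    ]
    # Web browsing: many servers, but one port and download-heavy.
    for i in range(25):
        flows.append(("192.168.2.20", f"203.0.113.{i + 1}", 443, 20_000, 600_000))
    # P2P-like: many peers on scattered high ports, sustained upload.
    for i in range(40):
        flows.append(("192.168.2.30", f"198.51.100.{i + 100}", 20000 + 37 * i,
                      3_000_000, 4_000_000))
    return flows

def summarize(flows):
    """Aggregate per source IP: distinct peers, distinct ports, bytes each way."""
    stats = defaultdict(lambda: {"peers": set(), "ports": set(), "up": 0, "down": 0})
    for src, dst, dport, up, down in flows:
        s = stats[src]
        s["peers"].add(dst)
        s["ports"].add(dport)
        s["up"] += up
        s["down"] += down
    return stats

def hosts_to_throttle(flows, peer_limit=20, port_limit=10, up_ratio=0.25):
    """Return source IPs whose fan-out and upload share all exceed the limits."""
    # Byte volume alone is deliberately not a trigger, so one large
    # stream (the YouTube/Netflix case) does not trip the throttle.
    flagged = []
    for src, s in sorted(summarize(flows).items()):
        total = s["up"] + s["down"]
        ratio = s["up"] / total if total else 0.0
        if (len(s["peers"]) >= peer_limit and len(s["ports"]) >= port_limit
                and ratio >= up_ratio):
            flagged.append(src)
    return flagged

def mark_rules(ips, mark="0x10"):
    """Generic iptables mangle rules marking each flagged source (assumed form)."""
    return [f"iptables -t mangle -A FORWARD -s {ip} -j MARK --set-mark {mark}"
            for ip in ips]
```

On the constructed sample only 192.168.2.30 is flagged: the streaming host has two peers, and the browsing host has many peers but one port and almost no upload.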