Re: Re: detecting waste traffic
> > Does not being able to fingerprint the key exchange matter?you bet it matters. since (as I take it, still haven't done direct
investigation) all traffic, including routing info and such, gets encrypted,
the key exchange may be the only hook for fingerprinting WASTE traffic. That
is to say that I'm not surprised if special care was put in making this
traffic at least very difficult to fingerprint.
> > Can anyone think of any more ?like someone already pointed out in the list, limiting allowed outgoing
traffic along with the use of application proxies greatly limits the ability
to use these kind of applications. the app proxies can be fooled with
protocol tunneling a-la Corkscrew or others, still as someone said here, but
with cost and difficulties, and given that the proxies are not content-aware
(or not enough, I mean).
> Well.. You see, you actually *can* block Kazaa, it jsut takes technology.correct.
> Since Kazaa is all unencrypted, you can use a sniffing host (I believe
> there is ap lugin for the Snort IDS)
> To my knowledge, not many ISP's even usemoreover, actively blocking traffic always leaves you with the problem of
> something like this for Kazaa because it takes money..
false positives, i.e. erroneously blocking legitimate traffic.
> I think the bandwidthcheck this:
> usage and capping is probably less than the cost of implementing such an