> On 11/4/05, Christoph Egger <[EMAIL PROTECTED]> wrote:
> > The P2P traffic can be identified this way:
> > - The source IP from one client is always the same
> > - The client establishes lots of connections to many destination IP
> >   addresses
>
> Use synproxy, max-src-states, and overload tables. Automagically locks
> out aggressive clients such as viruses and P2P users (and people
> browsing Fark photoshop threads). For bonus points, script the
> addition of the MAC address to your switching ACLs.

This is a great idea. Thanks. But I also want to unlock them again
automatically after 15 minutes, except infected clients. Worms can be
identified by filtering outgoing port 25, which is no problem. Incoming
traffic is generally locked due to NAT n:1.

> --
> Jon Simola
> Systems Administrator
> ABC Communications

--
Greetings,
Christoph
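
A pf.conf sketch of the setup discussed in this thread, added here as an example and not taken from either poster; the interface, network, table names and thresholds are assumptions. pf fills an overload table only when max-src-conn or max-src-conn-rate is exceeded, so those limits sit alongside max-src-states.

```pf
# Added example. All names and numbers below are assumptions for illustration.
int_if  = "em1"               # LAN-facing interface (assumed)
lan_net = "192.168.0.0/24"    # client network behind the n:1 NAT (assumed)

# Filled automatically by the overload option below; emptied by cron.
table <p2p_abusers> persist
# Filled by hand or by a script from the SMTP block log; never expired.
table <infected> persist

# Hosts in either table are cut off at the LAN interface.
block in quick on $int_if from <infected>
block in quick on $int_if from <p2p_abusers>

# Clients should not speak SMTP directly. Log the attempts so that a
# script reading pflog can add the source address to <infected>.
block in log quick on $int_if proto tcp from $lan_net to any port 25

# Per-source limits on everything else:
#   max-src-states     caps simultaneous states per client
#   max-src-conn       caps fully established TCP connections per client
#   max-src-conn-rate  caps new connections (30 per 10 seconds here)
# Exceeding either max-src-conn limit puts the client into <p2p_abusers>;
# "flush global" also kills the states it already holds.
pass in on $int_if proto tcp from $lan_net to any flags S/SA synproxy state \
    (max-src-states 200, max-src-conn 150, max-src-conn-rate 30/10, \
     overload <p2p_abusers> flush global)

# Automatic unlock after 15 minutes: run from root's crontab, for example
#   */5 * * * * /sbin/pfctl -t p2p_abusers -T expire 900
# Only <p2p_abusers> is expired, so entries in <infected> stay locked
# until someone removes them.
```

`pfctl -T expire` is available in current pf; on releases that lack it, table entries have to be aged out by an external tool.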

