Activity on UDP/50032 (explained?)

Published: 2005-10-07
Last Updated: 2005-10-07 20:22:49 UTC
by Kevin Liston (Version: 2)
0 comment(s)
Take a gander at this graph of activity on port 50032.  Starting 9/18/2005 increased use of this port was detected.  Packet captures that have been submitted look to belong to the Ares P2P operating in "firewall bypassing mode."  My thanks to those who submitted captures.

Now, and open letter to P2P protocol creators: if you think you're the first one to come with a brilliant way to tunnel yet another protocol on top of UDP or TCP, think again.  Much like the budding chef who thinks that they're the first person to come up with the peanut-butter, mayonnaise and pickle sandwich-- there might be good reason that such an abomination hasn't caught on yet.  P2P is about peering, and leveraging the power of that network.  It's not about getting past the perimeter (unless you talking about bypassing censorship, which doesn't do silly things with protocols-- it leverages the network of participants to anonymize requests.)  Also, throwing another layer of abstraction on top of the exiting layers is not going to make your file transfers more efficient. 

I'm sorry that your employer doesn't allow you to download your Dr. Who episodes on their FAT PIPE. 

Thanks.

kliston -AT- isc sans org
Keywords:
0 comment(s)
Diary Archives