Hi @Steve, :-) inline below.<br><br><div class="gmail_quote">On Wed, Feb 15, 2012 at 6:03 PM, Steve Muchai <span dir="ltr">&lt;<a href="mailto:smuchai@gmail.com">smuchai@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Wed, Feb 15, 2012 at 4:43 PM, aki &lt;<a href="mailto:aki275@gmail.com">aki275@gmail.com</a>&gt; wrote:<br>
&gt; @Dennis, IMHO. This and all other useless-belong in the garbage tin- Open<br>
&gt; Source egde security systems cannot handle &quot;dark networks&quot;, ever followed<br>
<br>
</div>Aki,<br>
Previously I&#39;ve successfully blocked P2P, skype and bittorent traffic<br>
using pure open-source - DPI with application-level signature<br>
detection using Snort, feeding rules to iptables on Linux. I know it<br>
works even better now than it did then. And that&#39;s not the only way it<br>
can be done, open-source.<br>
<br>
That was ages ago, mostly for fun and is definitely not the way Tusker<br>
wants to go. He&#39;s indicated that he needs a easy-to manage,<br>
well-supported commercial solution.<br></blockquote><div><br></div><div><br></div><div>P2P and the rest have or are gone stealth, from the old days and now is a big change. Wikileaks and what followed later changed many things. In these times, how would you detect encrypted traffic on port 80 or 8080 without running a proper DPI. And trust me, even the core networks out there that make our networks look like kijiji networks,   are facing very complex issues and DPI overheads. Some of these are running into Terabits DPIs that run distributed services. </div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br>
&gt; There is a special need, and this need can only be partly implemented at<br>
&gt; core networks as an ISP or Gateways.<br>
&gt;<br>
&gt; Edge solutions can even simply run on a cisco router ALCs, why force end<br>
&gt; users to add other products?<br>
<br>
</div>Bad idea. Not at the core.<br>
Back in my ISP days we had ACLs that blocked well-known bad traffic -<br>
NetBIOS, known worms etc. at the edge.  But you&#39;d just pointed out -<br>
correctly - that such traffic will get around ACLs.<br>
<br>
The answer is managed services for customers who want their traffic<br>
managed for them - and this at a fee. Where the device that handles<br>
this sits, is debatable. Should be it a CPE? Maybe. Or somewhere in<br>
the provider network? I can&#39;t say. Some customers don&#39;t want the ISP<br>
to touch their traffic.<br>
<br>
One size doesn&#39;t fit all.<br>
<br>
Regards,<br>
<font color="#888888">Steve<br>
</font><div><div></div><div class="h5">_</div></div></blockquote><div><br></div><div>Managed IP services such as QOS/IDS/NTM is a must have and ISPs, Telcos need to embrace this. No one on edge networks is going to micro-manage a problem such as Torrents which keep changing their patterns when threats increase to their survivability. Even if some taka taka Open source freeware worked, it cannot keep up with the changes as itself becomes a bottleneck. Let ISPs and Telcos offer secure and managed services, and the clients will not spend much on hardware. Ofcourse, the managed services are a VAS thus offered as such. </div>
<div><br></div><div>Cheers. :-)</div><div><br></div><div> </div></div>