Monthly Archives: January 2008

IMFirewall P2P Classify Engine Introduction

IMFirewall P2P Classify Engine Introduction


1    Introduction


IMFirewall Software is a professional Internet filtering software provider. We focus on Internet information security and providing customers with a comprehensive approach to manage the Internet usage of enterprise network since founded in 2004. By 2007-10, protocols number supported in our pattern database has reached over 90. And our pattern analysis team is monitoring and analyzing protocols everyday.


2       Supported Pattern Type


Three pattern types are supported:


1.      Signature Pattern


You may call it digit signature. As most p2p programs do not has a fix port range nor central servers. The only way to match them is by signature match. IMFirewall pattern matching engine scans every connection for signature of existing protocols..


2.      Port Pattern


IMFirewall pattern matching engine can also recognize protocols by port or port range.


3.      HTTP Pattern


Because more and more protocols are using HTTP protocol or HTTP tunnel to communicate, our pattern-matching engine also checks http mime-header for signatures. HTTP pattern is powerful to recognize http-based protocols.


3       Pattern Matching Speed


We test the speed of each pattern when new pattern found, the standard speed is 20,000 matches in 1 second.


4       Quick Response for New (Updated) Protocols


As protocols may vary from time to time, it is necessary to keep the pattern database up to date in time.


We have a protocol/programs monitoring system, which will monitor the website and files on official websites of each protocol. Once there is a change, the system will notify our protocol analysis team to test it.


This makes us a quick response for new (updated) protocols. Usually, a updated protocol can be added to our pattern database in 2-3 business days.


 


Links: Supported protocols list of WFilter