Hi devcenter,

I've been reading the document on Application DDoS mitigation techniques using vulnerability signatures (Application DDoS Mitigation). I've been experimenting with the concept of "session limiting" BitTorrent connections in this manner. I can't get my signature to match, though. I'm guessing it is because I need to use a p2p context in the signature and not unknown?

Is there any way to get this to work? Or maybe some other technique that can be used to "session limit" BitTorrent connections, not QoS using bandwidth statements?

From an ISP perspective it would be advantageous to be able to "session limit" BitTorrent connections using PAN, i.e. limit the number of active BitTorrent sessions per ISP customer source IP. BitTorrent connections from a hundred-odd customers, each with a couple of Mbps per WAN link, flood the session table on the PAN at very very low throughput. Almost 90% of the time the session table is filled with 80% BitTorrent connections ("show session all filter count yes application bittorrent").