A quick dissection of the traffic will tell you exactly what it is. You can use any port you want, but you can't really hide the payload.
Ok...we have developed a new networked device that uses Avahi...
to discover and communicate with other devices on the LAN....hence the constant DNS requests going out to our ISP...through 2 routers
I am concerned when a customer plugs this device in at home...the device will have excessive DNS requests through their routers to the customer's ISP....Is that going to be an issue?? Will the ISPs freak??
Not knowing much about all this and why we have a consultant working on this (at my request)....I want to ask the guy: is it not possible to keep these requests localized within the LAN???
Too bad he's such an arrogant a$$...else I could try and work with him on this..
I appreciate your thoughts on this!!
Off to read up more on this.
Why do you need DNS-SD?
I thought you were running on a Windows 2003 AD network?
This is a device we have developed that runs a *nix-based OS....
This device sits outside our network and is developed for home use...hence the auto discovery of other devices...
It has its own LAN.....with other devices...separate from our corporate LAN sharing our internet..
Its own "subnet" if you will ;-)
Ok...figured it out...well kinda sorta....
It's not our device... phew...we are about to go into production with this
It's something on his laptop...not sure what it is though.....it's some kind of P2P client for sure.
Is this in a setting where you are the Network Admin? Basically I'm wondering what kind of say you have over what people do, and, if you can make a "Policy" where all people using things on your network have to follow what you've set.
This would make things easier, and you can make some BS policy where you have rules against P2P traffic if it's an actual problem. If the person doing this has a valid reason, that's one thing (He may be using P2P to get legal software... I know, most probably don't, but some software is actually released with P2P and it's a better way of getting it than the main server the stuff is hosted on) so if it's valid and it's not bogging you down, that's one thing, but if he's using it to grab movies or music illegally, then, well, you know.
If you can get away with it, make a policy that dictates you need to know what software each client is using before they're allowed access, and if your boss or whoever you have to report to gets iffy about it, just say "I'm making sure our asses are covered in the event that someone comes in from the outside, plugs into the network, downloads a few thousand songs or a few hundred movies, and we get sued for Piracy" which is normally enough to get your way or at least get them to agree since no one likes being sued.
This would allow you some control over what network apps people are actually allowed to use. And if this is in fact a setting where you are responsible for this stuff, well, again, you should be able to at the very least, make a form of a policy where you can say no to some moron attempting to turn your network into a piracy house.
The College I went to had a policy where students were allowed to not only bring their laptops in, but hook them up to the network and surf the net, which is cool because when you were doing something like a project, you were able to grab info from the net, whack it into a Presentation software package, and go.
They did have a rule though, where P2P wasn't allowed for things that weren't legal. One of the main professors allowed some P2P because for Linux distros when we did Security+ and Linux+ both, it was easy to let people grab a distro of Linux over BitTorrent, or whatever else, and then go from there. The college didn't mind because it saved them money on CDs and so on, and it worked out.
However, the Network Admin had a policy where if this was abused, they lost access. You can pretty easily tell with the right software. I'm not sure if you have access to a REAL Packet Sniffer (a hardware model for instance) but it can pretty much plug in, watch, and print out what happens that looks suspicious.
And did I read this right? You have a Unix based product in use and it's working out for you? And you're admitting it wasn't the issue? :o ;)
Also, if this guy has, as you've said, got a HUGE attitude problem, I'd personally go to my boss, bring up the situation, and say that he's basically not the type who's going to admit to anything, and that he's got a problem with people in general. This of course adds to the CYA principle, and makes sure you aren't the one who takes the blast when "it" hits the fan.