Firewall Wizards mailing list archives
Re: stop microsoft p2p
From: Julian Gomez <kluivert () tm net my>
Date: Fri, 28 Mar 2003 12:25:41 +0800 (MYT)
On Thu, 27 Mar 2003, Bennett Todd wrote: (snip rest)
remotely, and there's no "connection" to drop. But maybe some of the ICMP tricks will work. Fortunately, designing robust protocols without the help of TCP is hard enough that few people try; an IPS can carry you a long way. If you want to play with the IPS approach, you could build snort with flexresp enabled and play with that.
Or you could try one of the tools from Dug Song's dsniff package, I used to have quite some fun with it killing off non-compliant users which used IM clients in the office :-) But that was laborous, and to make it easier will probably mean Snort again for most people, so snort+flexresp inbuilt would be easier than tying it separately to an external program. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- stop microsoft p2p Robert E. Martin (Mar 27)
- Re: stop microsoft p2p Bennett Todd (Mar 27)
- Re: stop microsoft p2p Julian Gomez (Mar 28)
- Re: stop microsoft p2p Michael LaPane (Mar 28)
- <Possible follow-ups>
- RE: stop microsoft p2p Noonan, Wesley (Mar 27)
- Re: stop microsoft p2p Mark Gumennik (Mar 28)
- RE: stop microsoft p2p Sloane, David (Mar 27)
- RE: stop microsoft p2p Bruce Platt (Mar 28)
- RE: stop microsoft p2p Kessler, Ben (Mar 30)
- Re: stop microsoft p2p Bennett Todd (Mar 27)