IDS mailing list archives
RE: blocking p2p traffic
From: Vincent.Maes () aps com
Date: Mon, 8 Mar 2004 13:11:00 -0700
Here's a good overview of the risks and mitigation regarding multiple p2p applications. I'm not pushing ISS, just feel it's a good document. http://documents.iss.net/whitepapers/X-Force_P2P.pdf Vince Maes, CISSP -----Original Message----- From: Ravi [mailto:ravivsn () roc co in] Sent: Thursday, March 04, 2004 8:39 PM To: Deshpande, Yashodhan Cc: focus-ids () securityfocus com Subject: Re: blocking p2p traffic Hi Yashodhan, - Snort have rules to identify p2p connections and uses flexresp to block the connections. - You are right that p2p applications changes port numbers in order to hide their identity, so use nessus to detect such p2p applications frequently and get the details. For this I suppose your IDS/IPS should have target intelligence. or develop target intelligence over nessus and snort. Hope this helps, -Ravi ROCSYS Technologies Ltd http://www.rocsys.com Hyderabad INDIA Deshpande, Yashodhan wrote:
Hi, Any information regarding IDS/IPS software available which blocks p2p traffic? Or in general any information regarding how to identify p2p application is running and may be configure firewall to block such
traffic. In general it is observed that such applications do not work on = single port and do port hopping. How to block them? Any inputs on the same would be appreciated. Thanks, Yashodhan ----------------------------------------------------------------------- ---- Free 30-day trial: firewall with virus/spam protection, URL filtering,
VPN,
wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301 -----------------------------------------------------------------------
----
------------------------------------------------------------------------ --- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301 ------------------------------------------------------------------------ --- "MMS <apsc.com>" made the following annotations. ------------------------------------------------------------------------------ --- NOTICE --- This message is for the designated recipient only and may contain confidential, privileged or proprietary information. If you have received it in error, please notify the sender immediately and delete the original and any copy or printout. Unintended recipients are prohibited from making any other use of this e-mail. Although we have taken reasonable precautions to ensure no viruses are present in this e-mail, we accept no liability for any loss or damage arising from the use of this e-mail or attachments, or for any delay or errors or omissions in the contents which result from e-mail transmission. ============================================================================== --------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301 ---------------------------------------------------------------------------
Current thread:
- Re: blocking p2p traffic, (continued)
- Re: blocking p2p traffic Helder Miguel Rodrigues (Mar 08)
- Re: blocking p2p traffic Shaiful (Mar 08)
- Re: blocking p2p traffic Ravi (Mar 08)
- Re: blocking p2p traffic Joakim Andersson (Mar 08)
- RE: blocking p2p traffic Steve Paine (Mar 08)
- Re: blocking p2p traffic Petr Ruzicka (Mar 12)
- RE: blocking p2p traffic Gary Freeman (Mar 04)
- RE: blocking p2p traffic josh (Mar 08)
- RE: blocking p2p traffic Zach Forsyth (Mar 08)
- Re: blocking p2p traffic Dean Smith (Mar 08)
- RE: blocking p2p traffic Vincent . Maes (Mar 08)
- RE: blocking p2p traffic James Williams (Mar 08)
- Re: blocking p2p traffic Michael Stone (Mar 12)
- RE: blocking p2p traffic InfoSec (Mar 08)
- Re: blocking p2p traffic Jens Matthes (Mar 12)
- Re: blocking p2p traffic Jeff Kell (Mar 12)
- Re: blocking p2p traffic Brian Smith (Mar 15)