IDS mailing list archives
Re: blocking p2p traffic
From: Petr Ruzicka <pruzicka () openbsd cz>
Date: Tue, 9 Mar 2004 21:41:53 +0100
I did not use IPS/IDS but a combination of two techniques:

1/ DNS poisoning
If clients use only a DNS resolver under your control, you could easily make your DNS the authoritative server for kazaa.com and return 127.0.0.1 for such queries. I use tinydns and it works like a charm.

2/ Some P2P clients connect to a central server in order to get a list of other peers. To block it you could use the technique mentioned above. However, if the client already has such a list of hubs, you could block them on your firewall. Using the OpenBSD firewall pf, namely the feature called 'table' (a list of addresses you can fill or clean without reloading your firewall rules), I wrote a small script to fetch a list of such hubs from a central site, get IP addresses from the list and fill them into the table that I block (i.e. send RST if someone wants to connect to them). I downloaded such a list once a day, something above 3000 addresses.

Regards
Petr R.

Deshpande, Yashodhan [ydeshpande () ipolicynet com] wrote:
Hi,

Is any information available regarding IDS/IPS software which blocks p2p traffic? Or, in general, any information regarding how to identify that a p2p application is running and maybe configure the firewall to block such traffic.

In general it is observed that such applications do not work on a single port and do port hopping. How to block them?

Any inputs on the same would be appreciated.

Thanks,
Yashodhan
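The pf table refresh described in the reply, as an added example that is not the poster's script. The table name `p2p_hubs`, the `MIN_ENTRIES` threshold and the list format (`a.b.c.d[:port]`, `#` comments) are assumptions, and the fetch step is left out because the post does not name the list's source.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: table p2p_hubs,
# MIN_ENTRIES threshold, list format "a.b.c.d[:port]" with '#' comments.
#
# pf.conf side:
#   table <p2p_hubs> persist
#   block return-rst out quick proto tcp from any to <p2p_hubs>

TABLE=${TABLE:-p2p_hubs}
PFCTL=${PFCTL:-pfctl}
MIN_ENTRIES=${MIN_ENTRIES:-100}   # refuse to load a suspiciously short list

# Read a fetched hub list on stdin, print vetted unique IPv4 addresses.
extract_ips() {
    awk '{
        sub(/#.*/, "")                      # strip comments
        gsub(/[ \t\r]/, "")                 # strip whitespace and CR
        sub(/:[0-9]+$/, "")                 # strip optional :port
        if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split($0, o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
        a = o[1] + 0; b = o[2] + 0
        # Never let a third-party list block local or special-purpose ranges.
        if (a == 0 || a == 10 || a == 127 || a >= 224) next
        if ((a == 169 && b == 254) || (a == 192 && b == 168)) next
        if (a == 172 && b >= 16 && b <= 31) next
        ip = a "." b "." (o[3] + 0) "." (o[4] + 0)
        if (!seen[ip]++) print ip
    }'
}

# Replace the table contents; $1 is a file produced by extract_ips.
refresh_table() {
    count=$(wc -l < "$1" | tr -d ' ')
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        echo "only $count addresses in $1, keeping current table" >&2
        return 1
    fi
    $PFCTL -t "$TABLE" -T replace -f "$1"
}

# Constructed sample input (documentation address ranges, not real hubs).
sample_list() {
    printf '%s\n' '# constructed sample hub list' '198.51.100.7:1214' \
        '203.0.113.20' '203.0.113.20:1214' '127.0.0.1' '192.168.1.5:1214' \
        '10.0.0.1' '999.1.1.1' 'hub.example.net:1214'
}

sample_list | extract_ips   # demo: prints the addresses that survive vetting
```

Run from a daily cron job after the fetch: write the `extract_ips` output to a file and pass that file to `refresh_table`, which leaves the current table in place when the new list is too short.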