IDS mailing list archives

Re: blocking p2p traffic


From: Petr Ruzicka <pruzicka () openbsd cz>
Date: Tue, 9 Mar 2004 21:41:53 +0100

I did not use IPS/IDS but a combination of two techniques:
1/ DNS poisoning
If clients use only a DNS resolver under your control, you could easily
use your DNS to be the authoritative server for kazaa.com and return
127.0.0.1 for such queries. I use tinydns and it works like a charm.


2/ Some P2P clients connect to a central server in order to get a list of other
peers. To block it you could use the technique mentioned above. However, if
the client already has such a list of hubs, you could block them on your
firewall. Using the OpenBSD firewall pf, namely the feature called 'table' (a list
of addresses you can fill or clean without reloading your firewall
rules), I wrote a small script to fetch the list of such hubs from a central
site, get the IP addresses from the list and fill them into the table that I
block (i.e. send RST if someone wants to connect to them).
I downloaded such a list once a day, something above 3000 addresses.
Regards

Petr R.

Deshpande, Yashodhan [ydeshpande () ipolicynet com] wrote:
Hi,

    Any information regarding IDS/IPS software available which blocks p2p traffic? Or in general any information
regarding how to identify that a p2p application is running and maybe configure the firewall to block such traffic. In general
it is observed that such applications do not work on a single port and do port hopping. How to block them?

Any inputs on the same would be appreciated.


Thanks,

Yashodhan

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
---------------------------------------------------------------------------
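
Added example (not part of the original post, and not the script Petr describes): one way to turn a downloaded hub list into the contents of a pf table, as in technique 2/ above. The table name p2p_hubs, the MIN_ADDRS threshold and the "address:port" list layout are assumptions; the sample list is constructed from documentation addresses.

```shell
#!/bin/sh
# Added example. Assumed names: table p2p_hubs, MIN_ADDRS, the list layout.
# pf.conf side (standard pf syntax):
#   table <p2p_hubs> persist
#   block return-rst out quick proto tcp from any to <p2p_hubs>

MIN_ADDRS=${MIN_ADDRS:-100}   # below this, treat the download as broken

# Constructed sample of a hub list (documentation addresses, not real hubs).
sample_list() {
    cat <<'EOF'
# hub list, constructed sample
192.0.2.10:411
198.51.100.7:411  some hub name
hub.example.net:411
203.0.113.300:411
10.0.0.5:411
192.0.2.10:412
EOF
}

# Read a list on stdin, print valid public IPv4 addresses, sorted, unique.
extract_hub_ips() {
    awk '{
        n = split($0, tok, /[^0-9.]+/)
        for (t = 1; t <= n; t++) {
            if (tok[t] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
            split(tok[t], o, ".")
            if (o[1] > 255 || o[2] > 255 || o[3] > 255 || o[4] > 255) continue
            # A hostile or broken list must not be able to block internal space.
            if (o[1] == 0 || o[1] == 10 || o[1] == 127 || o[1] >= 224) continue
            if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) continue
            if (o[1] == 192 && o[2] == 168) continue
            print tok[t]
        }
    }' | sort -u
}

# Replace the table contents from list file $1 without reloading the ruleset.
update_table() {
    tmp=$(mktemp) || return 1
    extract_hub_ips < "$1" > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -lt "$MIN_ADDRS" ]; then
        echo "only $count addresses, keeping old table" >&2
        rm -f "$tmp"; return 1
    fi
    pfctl -t p2p_hubs -T replace -f "$tmp"; rc=$?
    rm -f "$tmp"; return "$rc"
}
```

Run update_table from a daily cron job against the freshly fetched file; a truncated or empty download then leaves the previous table in place instead of silently unblocking everything.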


