Firewall Wizards mailing list archives

Re: Port numbers for Peer to Peer file sharing apps.


From: Tony Howlett <thowlett () netsecuritysvcs com>
Date: Wed, 20 Nov 2002 20:22:34 -0600

Unfortunately, many of the peer to peer apps are now using port 80 when their default port is blocked. So blocking on just the port level is getting less and less effective. You may get some of it, but more and more the Ptp companies (and IM and other streaming stuff) are putting everything on port 80, knowing that 90+% of organizations allow unlimited web access. An internal IDS could help you catch some of it, as many of them have signatures for the major Ptp players. I have used the open source IDS Snort in just this fashion and it works pretty well (though not perfectly, and if you have a ton of Ptp going on, it could be overwhelming). Being at a college, I'm sure you could get a couple of grad students to stick a box together for you. You also might see if any of the web content filtering guys are doing this. If they aren't already, it would be a great add-on for their product.


Good luck!

At 04:22 PM 11/20/2002 -0800, you wrote:
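
The point made in the message above, as an added example that is not part of the original post: a port-only rule passes anything sent to port 80, while a check of the first payload bytes (what an IDS signature does) separates real HTTP from P2P. The signature table, hosts and flows below are constructed for illustration and are not Snort's rules.

```python
import re

# METHOD SP target SP HTTP/1.x CRLF: what a real web client sends first on port 80.
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/1\.[01]\r\n")

# Handshake prefixes of two P2P protocols. Illustrative only: a real IDS
# ruleset carries many more signatures than this.
P2P_HANDSHAKES = {
    b"GNUTELLA CONNECT/": "gnutella",
    b"\x13BitTorrent protocol": "bittorrent",
}
# P2P transfers wrapped in valid HTTP still show up in header names.
P2P_HEADER_PREFIXES = {b"x-kazaa-": "fasttrack"}

ALLOWED_PORTS = {80}  # assumption: the "unlimited web access" policy

def port_filter(dst_port):
    """Port-level firewall decision: looks only at the destination port."""
    return "allow" if dst_port in ALLOWED_PORTS else "block"

def inspect_payload(payload):
    """Content decision based on the first client bytes of the flow."""
    for prefix, name in P2P_HANDSHAKES.items():
        if payload.startswith(prefix):
            return "p2p:" + name
    if not HTTP_REQUEST_LINE.match(payload):
        return "non-http"
    headers = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]
    for line in headers:
        for prefix, name in P2P_HEADER_PREFIXES.items():
            if line.lower().startswith(prefix):
                return "p2p-over-http:" + name
    return "http"

def missed_by_port_filter(flows):
    """Flows the port rule allows but payload inspection flags."""
    return [(src, inspect_payload(data)) for src, port, data in flows
            if port_filter(port) == "allow" and inspect_payload(data) != "http"]

# Constructed sample flows: (source host, destination port, first client payload).
SAMPLE_FLOWS = [
    ("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.edu\r\n\r\n"),
    ("10.0.0.6", 6346, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: test\r\n\r\n"),
    ("10.0.0.6", 80, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: test\r\n\r\n"),
    ("10.0.0.7", 80, b"GET /file HTTP/1.1\r\nX-Kazaa-Username: u\r\n\r\n"),
    ("10.0.0.8", 80, b"\x00\x01\x02binary"),
]
```

Calling `missed_by_port_filter(SAMPLE_FLOWS)` lists the three port-80 flows that the port rule lets through; the same Gnutella handshake on its default port 6346 is the only one the port rule stops.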

