IDS mailing list archives

RE: blocking p2p traffic


From: josh <josh () tkos co il>
Date: Mon, 8 Mar 2004 11:52:30 +0200 (IST)

Hi,

    Any information regarding IDS/IPS software available which blocks
p2p traffic? Or in general any information regarding how to identify that a
p2p application is running and maybe configure a firewall to block such
traffic. In general it is observed that such applications do not work on
a single port and do port hopping. How to block them?

Any inputs on the same would be appreciated.

Hi
Most p2p will use port 80 after their native ports are closed in your
firewall. Originally I tried to block p2p with snort but I was getting
too many false positives. I found a much more effective way was to set up
squid as a transparent proxy. The p2p requests are not legal HTTP
requests, thus squid will not pass them on. I also added some rules in
squid to block certain instant messengers based on MIME type.



Thanks,

Yashodhan

-- 
  - josh

  94 F8 9F 3E 9A DB 6E FC  F8 17 F1 B4 C7 51 CB AA   ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - josh () tkos co il - tel: +972.58.520.636, http://www.tkos.co.il
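
The reply's point that p2p traffic on port 80 is "not legal HTTP" can be seen with a simplified model of the request-line check a proxy applies to the first bytes of a connection. This is an added example, not part of the original post and not Squid's parser; the sample payloads, the method allow-list and `MAX_LINE` are constructed assumptions.

```python
import re

# Simplified model of the request-line check an HTTP proxy applies to the
# first client bytes of an intercepted port-80 connection (not Squid's code).
MAX_LINE = 8192  # assumed limit on request-line length
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}  # assumed policy

# method token, single space, request-target, single space, HTTP-version
REQUEST_LINE = re.compile(
    rb"([!#$%&'*+\-.^_`|~0-9A-Za-z]+) ([\x21-\x7e]+) HTTP/(\d)\.(\d)"
)

def check_first_payload(data: bytes):
    """Return (allowed, reason) for the first client bytes of a connection."""
    end = data.find(b"\r\n", 0, MAX_LINE)
    if end == -1:
        return False, "no CRLF-terminated request line"
    m = REQUEST_LINE.fullmatch(data[:end])
    if m is None:
        return False, "malformed request line"
    method, _target, major, minor = m.groups()
    if method not in ALLOWED_METHODS:
        return False, "method not allowed"
    if (major, minor) == (b"1", b"1"):
        # HTTP/1.1 requires Host; an intercepting proxy also needs it to
        # know which origin server the client meant.
        head_end = data.find(b"\r\n\r\n", end)
        block = data[end + 2: head_end if head_end != -1 else len(data)]
        names = [h.split(b":", 1)[0].strip().lower()
                 for h in block.split(b"\r\n") if b":" in h]
        if b"host" not in names:
            return False, "HTTP/1.1 request without Host header"
    return True, "well-formed HTTP request"

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "http_get": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "http_no_host": b"GET / HTTP/1.1\r\n\r\n",
    "bittorrent": bytes([19]) + b"BitTorrent protocol" + bytes(8)
                  + b"\x11" * 20 + b"-XX0000-000000000000",
    "gnutella": b"GNUTELLA CONNECT/0.6\r\nUser-Agent: Example/1.0\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:13s} {check_first_payload(payload)}")
```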

