IDS mailing list archives
RE: blocking p2p traffic
From: josh <josh () tkos co il>
Date: Mon, 8 Mar 2004 11:52:30 +0200 (IST)
Hi, Any information regarding IDS/IPS software available which blocks p2p traffic? Or in general any information regarding how to identify p2p application is running and may be configure firewall to block such traffic. In general it is observed that such applications do not work on = single port and do port hopping. How to block them? Any inputs on the same would be appreciated.
Hi Most p2p will use port 80 after their native ports are closed in your firewall. Originally I tried to block p2p with snort but I was getting to many false positives. I found a much more effective way was to setup squid as a transparent proxy. The p2p requests are not legal http requests thus squid will not pass them on. I also added some rules in squid to block certain instant messengers based on mime type.
Thanks, Yashodhan
-- - josh 94 F8 9F 3E 9A DB 6E FC F8 17 F1 B4 C7 51 CB AA ~. .~ Tk Open Systems =}------------------------------------------------ooO--U--Ooo------------{= - josh () tkos co il - tel: +972.58.520.636, http://www.tkos.co.il --------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301 ---------------------------------------------------------------------------
Current thread:
- Re: blocking p2p traffic, (continued)
- Re: blocking p2p traffic Juan Carlos Davila (Mar 04)
- Re: blocking p2p traffic Asbjørn Eliassen (Mar 08)
- RE: blocking p2p traffic Steve Paine (Mar 08)
- Re: blocking p2p traffic Helder Miguel Rodrigues (Mar 08)
- Re: blocking p2p traffic Shaiful (Mar 08)
- Re: blocking p2p traffic Ravi (Mar 08)
- Re: blocking p2p traffic Joakim Andersson (Mar 08)
- RE: blocking p2p traffic Steve Paine (Mar 08)
- Re: blocking p2p traffic Petr Ruzicka (Mar 12)
- RE: blocking p2p traffic Gary Freeman (Mar 04)
- RE: blocking p2p traffic josh (Mar 08)
- RE: blocking p2p traffic Zach Forsyth (Mar 08)
- Re: blocking p2p traffic Dean Smith (Mar 08)
- RE: blocking p2p traffic Vincent . Maes (Mar 08)
- RE: blocking p2p traffic James Williams (Mar 08)
- Re: blocking p2p traffic Michael Stone (Mar 12)
- RE: blocking p2p traffic InfoSec (Mar 08)
- Re: blocking p2p traffic Jens Matthes (Mar 12)
- Re: blocking p2p traffic Jeff Kell (Mar 12)
- Re: blocking p2p traffic Brian Smith (Mar 15)