IDS mailing list archives

Re: blocking p2p traffic

From: Ravi <ravivsn () roc co in>
Date: Fri, 05 Mar 2004 09:08:56 +0530

Hi Yashodhan,

- Snort have rules to identify p2p connections and uses flexresp toblock the connections.- You are right that p2p applications changes port numbers in orderto hide their identity, so use nessus to detect such p2p applicationsfrequently and get the details. For this I suppose your IDS/IPS shouldhave target intelligence. or develop target intelligence over nessus andsnort.

Hope this helps,
-Ravi
ROCSYS Technologies Ltd
http://www.rocsys.com
Hyderabad
INDIA

Deshpande, Yashodhan wrote:

Hi,

   Any information regarding IDS/IPS software available which blocks p2p traffic? Or in general any information 
regarding how to identify p2p application is running and may be configure firewall to block such traffic. In general it 
is observed that such applications do not work on = single port and do port hopping. How to block them?

Any inputs on the same would be appreciated.


Thanks,

Yashodhan

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial athttp://www.securityfocus.com/sponsor/Astaro_focus-ids_040301

---------------------------------------------------------------------------





---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial athttp://www.securityfocus.com/sponsor/Astaro_focus-ids_040301

---------------------------------------------------------------------------

Current thread:

blocking p2p traffic Deshpande, Yashodhan (Mar 04)
- Re: blocking p2p traffic Juan Carlos Davila (Mar 04)
- Re: blocking p2p traffic Asbjørn Eliassen (Mar 08)
- RE: blocking p2p traffic Steve Paine (Mar 08)
  - Re: blocking p2p traffic Helder Miguel Rodrigues (Mar 08)
- Re: blocking p2p traffic Shaiful (Mar 08)
- Re: blocking p2p traffic Ravi (Mar 08)
- Re: blocking p2p traffic Joakim Andersson (Mar 08)
- RE: blocking p2p traffic Steve Paine (Mar 08)
- Re: blocking p2p traffic Petr Ruzicka (Mar 12)
- <Possible follow-ups>
- RE: blocking p2p traffic Gary Freeman (Mar 04)
  - RE: blocking p2p traffic josh (Mar 08)
- RE: blocking p2p traffic Zach Forsyth (Mar 08)
- Re: blocking p2p traffic Dean Smith (Mar 08)
- RE: blocking p2p traffic Vincent . Maes (Mar 08)
- RE: blocking p2p traffic James Williams (Mar 08)
  - Re: blocking p2p traffic Michael Stone (Mar 12)

(Thread continues...)