Snort mailing list archives

Re: P2P Rules and Sending TCP Resets.


From: "Josh Berry" <josh.berry () netschematics com>
Date: Fri, 27 Feb 2004 17:33:29 -0600 (CST)

In order to use tcp-resets, you will have to build snort with
--enable-flexresp (or --enable-flexresp2).  What I would do is use
Snort-Inline at the perimeter and block it inline instead.

Hi, We're receiving a lot of complaints regarding copyright infringements
from users within our Network using P2P software. Dealing with the
complaints about P2P use is almost a full time job in itself at the
moment.

We've successfully managed to block some applications using Cisco NBAR but
the more clued up students are configuring their P2P clients to use high
port numbers which is giving us problems with Gnutella, Fasttrack and Bit
Torrent in particular. We have managed to identify these users with Snort
running on NetBSD. I've read about TCP resets in the archives but can't
find any examples of how to implement this, can anyone help please?

Regards

Rob Ward
Network Northwest Support
University of Liverpool
Computing Services Department

Tel: 0151 794 4449
Fax: 0151 794 4442
Mob: 07970 247 326


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



Thanks,
Josh Berry, CISSP
CTO, VP of Product Development
LinkNet-Solutions
469-831-8543
josh.berry () linknet-solutions com
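
An added example, not part of the original thread or of the Snort distribution's rule set: local rules that use the flexresp `resp` keyword, so that a snort binary built with `--enable-flexresp` sends TCP resets when a P2P handshake is seen on any port. The sids, messages and the choice of handshake strings are assumptions made for this illustration.

```conf
# local.rules -- constructed example, not from the thread.
# Requires a snort binary built with: ./configure --enable-flexresp
#
# Match on the protocol handshake rather than the port number, so clients
# reconfigured to use high ports are still identified.

# BitTorrent peer handshake: length byte 0x13 followed by "BitTorrent protocol"
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL P2P BitTorrent handshake"; flow:established,to_server; content:"|13|BitTorrent protocol"; depth:20; resp:rst_all; classtype:policy-violation; sid:1000001; rev:1;)

# Gnutella connection request
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL P2P Gnutella connect"; flow:established,to_server; content:"GNUTELLA CONNECT/"; depth:17; resp:rst_all; classtype:policy-violation; sid:1000002; rev:1;)
```

The sensor needs an interface that can transmit toward both endpoints, and because the resets are sent after the matching packet has already passed, a connection can still win the race. An inline deployment, as suggested in the reply, drops the packet instead.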


