Does someone here know how to block some P2P traffic (edonkey, kazaa etc...)
each computer in the network access to internet through a router (it could be a real physical routeur, or a dedicated computer i don't care) and i want to block/filter unwanted traffic (p2p)
any idea ? ^^
thanks.
regards.
Full Version: P2p Blocking
mhmm all p2p ports? or lock multiple connections?
P2P is tough tough tough to block. Kind of like IM.
One "security by obscurity" type of solution would be to use a stand-alone proxy (versus a transparent one) at some random IP in your network. Then set your firewall to block all outgoing traffic (or at least your workstation netblock).
That way, your average user will have extract their proxy settings from their web browser and input that into their P2P app. This will stop 75%+ of your users right there.
If they get past that level, you could put some kind of filters into your proxy to block traffic to known P2P IP addresses/URLs.
Then, after that level, you could put in some kind of scanning/filtering mechanisms for the actual traffic.
Anyway..it is a tough problem. You'll need a wholistic strategy for your entire network. I.E. lockdown desktops so users can't install them, set security policies so users will "get in trouble" for using/installing them, educate users on why not to use them, and finally using your network layers to disallow.
One "security by obscurity" type of solution would be to use a stand-alone proxy (versus a transparent one) at some random IP in your network. Then set your firewall to block all outgoing traffic (or at least your workstation netblock).
That way, your average user will have extract their proxy settings from their web browser and input that into their P2P app. This will stop 75%+ of your users right there.
If they get past that level, you could put some kind of filters into your proxy to block traffic to known P2P IP addresses/URLs.
Then, after that level, you could put in some kind of scanning/filtering mechanisms for the actual traffic.
Anyway..it is a tough problem. You'll need a wholistic strategy for your entire network. I.E. lockdown desktops so users can't install them, set security policies so users will "get in trouble" for using/installing them, educate users on why not to use them, and finally using your network layers to disallow.
p2p ports can be easily modified, and restricting multiple connections is not good solutions since a computer can need multiple connection (ip scanner for example)
however,i found this:
http://l7-filter.sourceforge.net/
it seems good, i'm already compiling ^^
however,i found this:
http://l7-filter.sourceforge.net/
it seems good, i'm already compiling ^^
p2p apps are simple to modify to evaide any kind of lock down. You would have to lock down all .exe's and that would make the comptuers useless. I was selling modified copies of Kazaa Lite at the local U. A few times my copy got leeked to the fuzz, but then i just got another $5 from everyone. It was awesome.
Edonkey is simple to block, just block all outgoing connections to addresses on this list:
hxxp://ed2k.2x4u.de/index.html
For kazaa block out going connections to port tcp 1214 i think.
For Gnutella block all the Gnutella Web Caches
For DC, block DC hubs.
If all that sounds like too much work there are countless p2p apps to be found on zeropaid.com
For Freenet and Mute, unplug your internet connection ;p .
Then what about IRC?
All a person has to do is use a proxy server and all your work would be for nothing. IF you stop Edonkey, FastTrack and Gnutella you would be stoping like 80% of p2p traffic, but people will get wise to the other networks soon enough. Eventually they will use a network that you won't be able to filter. You really can't stop p2p, and you shouldn't. Let me tell you a story. I once had a dedicated box in Malayasia. We had a 100mbit to the net and we hosted an IRCD with a bunch of xdcc bots spewing out pirated matieral all over the globe. In Malaysia it is legal to share files, however the MPAA BRIBED the local police to ARREST AND BEAT the owner of our ISP. Needlesss to say our server went down randomly and we where pissed, then we just moved hosting to china.
Now the MPAA is sending out countless letters to people shareing movies telling htem that they will sue. The MPAA has yet to sue one file swapper, they are just being asswholes.
The moral to the story is that these asswholes are trying to keep knowlage from being free. They are stealing form the artests and stealing from you. You should grow some balls and tell these Nazi mother truckers to go truck them selfs.
There is light at the end of the tunnel. In South Korea where you can get a 49/3mbit line for 13USD things are like how they will be in the US. In the past 5 years 95% of record stores have closed down. So these nazi's are dieing and soon we will be free from them.
Peace out
Edonkey is simple to block, just block all outgoing connections to addresses on this list:
hxxp://ed2k.2x4u.de/index.html
For kazaa block out going connections to port tcp 1214 i think.
For Gnutella block all the Gnutella Web Caches
For DC, block DC hubs.
If all that sounds like too much work there are countless p2p apps to be found on zeropaid.com
For Freenet and Mute, unplug your internet connection ;p .
Then what about IRC?
All a person has to do is use a proxy server and all your work would be for nothing. IF you stop Edonkey, FastTrack and Gnutella you would be stoping like 80% of p2p traffic, but people will get wise to the other networks soon enough. Eventually they will use a network that you won't be able to filter. You really can't stop p2p, and you shouldn't. Let me tell you a story. I once had a dedicated box in Malayasia. We had a 100mbit to the net and we hosted an IRCD with a bunch of xdcc bots spewing out pirated matieral all over the globe. In Malaysia it is legal to share files, however the MPAA BRIBED the local police to ARREST AND BEAT the owner of our ISP. Needlesss to say our server went down randomly and we where pissed, then we just moved hosting to china.
Now the MPAA is sending out countless letters to people shareing movies telling htem that they will sue. The MPAA has yet to sue one file swapper, they are just being asswholes.
The moral to the story is that these asswholes are trying to keep knowlage from being free. They are stealing form the artests and stealing from you. You should grow some balls and tell these Nazi mother truckers to go truck them selfs.
There is light at the end of the tunnel. In South Korea where you can get a 49/3mbit line for 13USD things are like how they will be in the US. In the past 5 years 95% of record stores have closed down. So these nazi's are dieing and soon we will be free from them.
Peace out
Wow l7-filter works perfectly, it determines packet with pattern maching, so you can change the port or modifty the exe, it catch it anyway ^^
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
