Posted 01 November 2004 - 07:20 AM
Each computer in the network accesses the internet through a router (it could be a real physical router or a dedicated computer, I don't care) and I want to block/filter unwanted traffic (P2P).
Any idea? ^^
Posted 01 November 2004 - 07:39 AM
One "security by obscurity" type of solution would be to use a stand-alone proxy (versus a transparent one) at some random IP in your network. Then set your firewall to block all outgoing traffic (or at least from your workstation netblock).
That way, your average user will have to extract their proxy settings from their web browser and input them into their P2P app. This will stop 75%+ of your users right there.
If they get past that level, you could put some kind of filters into your proxy to block traffic to known P2P IP addresses/URLs.
Then, after that level, you could put in some kind of scanning/filtering mechanisms for the actual traffic.
Anyway, it is a tough problem. You'll need a holistic strategy for your entire network, i.e. lock down desktops so users can't install them, set security policies so users will "get in trouble" for using/installing them, educate users on why not to use them, and finally use your network layers to disallow them.
Posted 01 November 2004 - 07:40 AM
However, I found this:
It seems good, I'm already compiling ^^
Posted 01 November 2004 - 10:03 AM
eDonkey is simple to block, just block all outgoing connections to addresses on this list:
For Kazaa, block outgoing connections to TCP port 1214, I think.
For Gnutella, block all the Gnutella Web Caches.
For DC, block DC hubs.
If all that sounds like too much work, there are countless P2P apps to be found on zeropaid.com.
For Freenet and MUTE, unplug your internet connection ;p .
Then what about IRC?
All a person has to do is use a proxy server and all your work would be for nothing. If you stop eDonkey, FastTrack and Gnutella you would be stopping like 80% of P2P traffic, but people will get wise to the other networks soon enough. Eventually they will use a network that you won't be able to filter. You really can't stop P2P, and you shouldn't. Let me tell you a story. I once had a dedicated box in Malaysia. We had a 100 Mbit to the net and we hosted an IRCd with a bunch of XDCC bots spewing out pirated material all over the globe. In Malaysia it is legal to share files; however, the MPAA BRIBED the local police to ARREST AND BEAT the owner of our ISP. Needless to say our server went down randomly and we were pissed, then we just moved hosting to China.
Now the MPAA is sending out countless letters to people sharing movies telling them that they will sue. The MPAA has yet to sue one file swapper; they are just being assholes.
The moral of the story is that these assholes are trying to keep knowledge from being free. They are stealing from the artists and stealing from you. You should grow some balls and tell these Nazi mother truckers to go truck themselves.
There is light at the end of the tunnel. In South Korea, where you can get a 49/3 Mbit line for 13 USD, things are like how they will be in the US. In the past 5 years 95% of record stores have closed down. So these Nazis are dying and soon we will be free from them.
Posted 01 November 2004 - 12:38 PM
Posted 06 December 2006 - 02:17 AM
Wow, l7-filter works perfectly. It identifies packets by pattern matching, so you can change the port or modify the exe and it catches it anyway ^^
Posted 06 December 2006 - 04:59 AM
"As a young boy, I was taught in high school that hacking was cool." -Kevin Mitnick
"It's easy to point and click programs, but thats not real hacking." -illwill
Posted 06 December 2006 - 10:00 AM
1) Disable the traffic by port
2) Implement a protocol based recognition filter
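The two steps above are the port-based blocking proposed earlier in the thread (Kazaa on TCP 1214, eDonkey, Gnutella) and the l7-filter style payload matching that the l7-filter post says survives a port change. The following is an added example, not code from the thread or from l7-filter, that runs both policies over a handful of constructed flows so the difference is visible: a BitTorrent handshake moved to port 80 passes the port rule and is still caught by the pattern rule. The default port numbers beyond 1214 and the shortened signatures are assumptions for the example; l7-filter's real protocol patterns are considerably longer.

```python
import re
import struct

# Step 1: ports the thread proposes blocking (TCP). 1214 is the one named in
# the thread; eDonkey 4662, Gnutella 6346/6347 and BitTorrent 6881-6889 are
# the clients' historical defaults and are assumptions for this example.
BLOCKED_PORTS = {1214, 4662, 6346, 6347} | set(range(6881, 6890))

# Step 2: simplified l7-filter style signatures. l7-filter lowercases the
# first bytes of a connection's application data and runs a regex over
# them; these patterns are shortened assumptions, not l7-filter's own.
SIGNATURES = [
    ("bittorrent", rb"^\x13bittorrent protocol"),              # peer handshake
    ("edonkey",    rb"^\xe3.{4}\x01"),                         # 0xE3 header, LE length, HELLO opcode
    ("fasttrack",  rb"x-kazaa-|^get /\.files http/1\.1"),      # Kazaa's HTTP-like dialect
    ("gnutella",   rb"^gnutella connect/"),
    ("http",       rb"^(get|post|head) [^ ]+ http/1\.[01]"),   # checked last: Kazaa looks like HTTP
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE | re.DOTALL)) for name, pat in SIGNATURES]
P2P = {"bittorrent", "edonkey", "fasttrack", "gnutella"}


def port_verdict(dst_port):
    """Step 1: decide purely on the destination port."""
    return "drop" if dst_port in BLOCKED_PORTS else "accept"


def classify(payload):
    """Step 2: name the protocol from the first bytes of application data."""
    for name, rx in COMPILED:
        if rx.search(payload[:2048]):   # only the start of the flow is inspected
            return name
    return "unknown"


def pattern_verdict(payload):
    return "drop" if classify(payload) in P2P else "accept"


def evaluate(flows):
    """Return {description: (protocol, port_verdict, pattern_verdict)}."""
    return {d: (classify(p), port_verdict(port), pattern_verdict(p)) for d, port, p in flows}


# Constructed sample flows (not captured traffic): (description, dst port, first bytes)
BT_HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + b"\x00" * 20 + b"-AZ2304-" + b"x" * 12
ED2K_HELLO = b"\xe3" + struct.pack("<I", 17) + b"\x01" + b"\x10" + bytes(16)
FLOWS = [
    ("http to example.com", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("kazaa on its default port", 1214, b"GET /.files HTTP/1.1\r\nX-Kazaa-Username: bob\r\n"),
    ("bittorrent on its default port", 6881, BT_HANDSHAKE),
    ("bittorrent moved to port 80", 80, BT_HANDSHAKE),
    ("edonkey on its default port", 4662, ED2K_HELLO),
    ("gnutella on its default port", 6346, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: LimeWire/4.0\r\n"),
    ("ssh", 22, b"SSH-2.0-OpenSSH_3.9p1\r\n"),
]

if __name__ == "__main__":
    for desc, (proto, by_port, by_pattern) in evaluate(FLOWS).items():
        print(f"{desc:32} {proto:10} port-rule={by_port:6} l7-rule={by_pattern}")
```

The signature order matters: Kazaa's FastTrack speaks an HTTP-looking dialect, so its pattern must be tried before the generic HTTP one, which is the same ordering concern you have when loading l7-filter protocol files into an iptables chain. The "unknown" result for SSH is the honest answer of a payload matcher; a shaping policy has to decide separately what to do with traffic it cannot name.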
Posted 06 December 2006 - 09:18 PM
And I have to respond to AgentOrange even though it sounded a little "troll-like": in a corporate environment it is not your network, bandwidth, or system to use as you feel like. If corporate policy says you can't, A: you just shouldn't, and B: I can do anything I want to stop you (including firing you). Go home and get your dose of free speech and porn, just use your own machine and your own bandwidth.
Plus think of all the viruses and other malicious files that exist on file sharing networks, yet another way to get bad stuff into the corporate network.
Now at a university it's a little different, as you are paying for that Internet connection either through tuition or outright "tech" fees. In any case all I can say is as long as you don't hog the bandwidth I don't see a huge issue, so time to whip out the Packeteer and rate limit your massive porn downloads.
The gopher is back!
Posted 06 December 2006 - 11:27 PM
I used to fight it (in the times of Kazaa's glory, so kind of a long time ago) with Squid + header matching based on iptables, but it's an endless deathmatch :/
New P2P software is released far too often to keep up with it.
Posted 07 December 2006 - 01:39 PM
Posted 08 December 2006 - 11:34 AM
Most of the bandwidth 'shaping' appliances understand the P2P protocols very well.
Simply tune the bandwidth allowed to 0, thus effectively disabling p2p altogether.
I am not following you... so you are saying that you can detect a P2P protocol by the amount of bandwidth that is used? Considering that some of the Gnutella protocol is similar to HTTP traffic, I would have to see it to believe it... there is not just "one" protocol that is used... I could make up my own if I wanted to. I could make it any size I wanted with packing.
Posted 08 December 2006 - 11:53 AM
The best way to use these devices is to set up groups of applications, starting with normal ones that should be allowed as much as possible, then ones that are OK but shouldn't take precedence like RealPlayer, then dump everything else into the crap bin and limit it down.
The gopher is back!
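The class-based scheme in the post above (normal traffic unconstrained, media rate-limited, everything else in a bin tuned down to nothing) is what a shaping appliance implements with one token bucket per class. The following is an added example, not code from the thread or from any shaping product: a per-class token-bucket shaper run over a constructed one-second trace. It assumes packets arrive already labelled with their application name; identifying the application is the separate problem the earlier posts argue about. The app-to-class policy, the rates and the trace are all made up for the example.

```python
# Policy assumed for this example: application -> class. Anything not listed
# lands in "other", the "crap bin" of the post above.
APP_CLASS = {"http": "normal", "ssh": "normal", "dns": "normal", "realplayer": "media"}

# Class -> allowed rate in bytes per second. None means unlimited; 0 means
# nothing ever gets through, which is the "tune it to 0" trick from the
# earlier post, applied to whatever the appliance has classified as P2P.
CLASS_RATE = {"normal": None, "media": 4000, "other": 0}


class TokenBucket:
    """Tokens (bytes) accrue at `rate` B/s up to `burst`; a packet is sent only
    if enough tokens are present. Integer milliseconds avoid float drift."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last_ms = burst, 0

    def allow(self, now_ms, size):
        # Refill for the elapsed time, cap at burst, then try to pay for the packet.
        self.tokens = min(self.burst, self.tokens + (now_ms - self.last_ms) * self.rate // 1000)
        self.last_ms = now_ms
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False


class Shaper:
    def __init__(self, class_rate):
        # One bucket per class; burst is one second's worth of the rate.
        # A class with rate None gets no bucket and is never throttled.
        self.buckets = {c: None if r is None else TokenBucket(r, r) for c, r in class_rate.items()}
        self.stats = {c: {"sent": 0, "dropped": 0} for c in class_rate}

    def handle(self, now_ms, app, size):
        cls = APP_CLASS.get(app, "other")
        bucket = self.buckets[cls]
        ok = True if bucket is None else bucket.allow(now_ms, size)
        self.stats[cls]["sent" if ok else "dropped"] += size
        return ok


def simulate(class_rate=CLASS_RATE):
    """Constructed trace: http, realplayer and bittorrent each send a 1500-byte
    packet every 100 ms for one second. Returns per-class byte counts."""
    shaper = Shaper(class_rate)
    trace = [(i * 100, app, 1500) for i in range(10) for app in ("http", "realplayer", "bittorrent")]
    for now_ms, app, size in trace:
        shaper.handle(now_ms, app, size)
    return shaper.stats


if __name__ == "__main__":
    for cls, s in simulate().items():
        print(f"{cls:7} sent={s['sent']:6} dropped={s['dropped']:6}")
```

With these numbers the media class offers 15000 bytes in the second but only 7500 fit under a 4000 B/s bucket with a 4000-byte burst, while the zero-rate class drops every packet without the shaper needing a separate "block" action. A real appliance would queue rather than drop on a bucket miss; dropping keeps the example short and makes the per-class effect easy to read.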