| Author |
Message |
David Gabriel
Guest
|
 Posted:
Sun Jan 16, 2005 12:19 am Post subject:
Blocking Warez P2P |
|
|
I'm looking for the port ranges for the WAREZ P2P client so I can disable
them up/down.
Thanks
David |
|
| Back to top |
|
 |
Bas Keur
Guest
|
| Posted:
Sun Jan 16, 2005 2:28 am Post subject:
Re: Blocking Warez P2P |
|
|
| Quote: | I'm looking for the port ranges for the WAREZ P2P client so I can disable
them up/down.
|
drop TCP 6345 <> 6349
BUT.... this won't solve your problem. It does however help you
in the sense that whoever is P2P'ing after that is clearly breaking
your `zero tolerance` traffic rule. (You need to have one)
Why ?
Todays P2P clients will do anything to reach the net, it will even
leave the network over port 80 if it can't make a connection to the
internet, how rude :)
While i know the benifit of proxy's, i refuse to implant one just to stop
P2P traffic.
(Unless you have a $$$ layer 7 appliance firewall with an IDS module in it)
I suggest you inform (crack some skulls) the people on your lan not to use
P2P
on the LAN if they know whats good for them :)
(You can spot P2P pretty well with snort www.snort.org)
--
] Bas Keur
] `Energizer Bunny arrested, charged with battery` |
|
| Back to top |
|
|
David Gabriel
Guest
|
| Posted:
Sun Jan 16, 2005 2:52 am Post subject:
Re: Blocking Warez P2P |
|
|
Most helpful,
thank you
"Bas Keur" <bas.keur@dmrt.net> wrote in message
news:41e98b0b$0$6208$e4fe514c@news.xs4all.nl...
| Quote: | I'm looking for the port ranges for the WAREZ P2P client so I can disable
them up/down.
drop TCP 6345 <> 6349
BUT.... this won't solve your problem. It does however help you
in the sense that whoever is P2P'ing after that is clearly breaking
your `zero tolerance` traffic rule. (You need to have one)
Why ?
Todays P2P clients will do anything to reach the net, it will even
leave the network over port 80 if it can't make a connection to the
internet, how rude :)
While i know the benifit of proxy's, i refuse to implant one just to stop
P2P traffic.
(Unless you have a $$$ layer 7 appliance firewall with an IDS module in
it)
I suggest you inform (crack some skulls) the people on your lan not to use
P2P
on the LAN if they know whats good for them :)
(You can spot P2P pretty well with snort www.snort.org)
--
] Bas Keur
] `Energizer Bunny arrested, charged with battery`
|
|
|
| Back to top |
|
|
Mark S
Guest
|
| Posted:
Mon Jan 17, 2005 2:11 am Post subject:
Re: Blocking Warez P2P |
|
|
L7 firewalls are much more affordable these days, both Netscreen & Sonicwall
offer built in IDP which will detect and drop P2P traffic, even on their
entry level boxes.
"David Gabriel" <avidmag@hotmail.com> wrote in message
news:dggGd.3470$av2.176@trndny02...
| Quote: | Most helpful,
thank you
"Bas Keur" <bas.keur@dmrt.net> wrote in message
news:41e98b0b$0$6208$e4fe514c@news.xs4all.nl...
I'm looking for the port ranges for the WAREZ P2P client so I can
disable
them up/down.
drop TCP 6345 <> 6349
BUT.... this won't solve your problem. It does however help you
in the sense that whoever is P2P'ing after that is clearly breaking
your `zero tolerance` traffic rule. (You need to have one)
Why ?
Todays P2P clients will do anything to reach the net, it will even
leave the network over port 80 if it can't make a connection to the
internet, how rude :)
While i know the benifit of proxy's, i refuse to implant one just to
stop
P2P traffic.
(Unless you have a $$$ layer 7 appliance firewall with an IDS module in
it)
I suggest you inform (crack some skulls) the people on your lan not to
use
P2P
on the LAN if they know whats good for them :)
(You can spot P2P pretty well with snort www.snort.org)
--
] Bas Keur
] `Energizer Bunny arrested, charged with battery`
|
|
|
| Back to top |
|
|
columbotrek
Guest
|
| Posted:
Mon Jan 17, 2005 3:04 am Post subject:
Re: Blocking Warez P2P |
|
|
David Gabriel wrote:
| Quote: | I'm looking for the port ranges for the WAREZ P2P client so I can disable
them up/down.
Thanks
David
Like was said before, A layer 7 Internet filter will do the trick. Where |
I work we use esafe with their applifilter option behind a check point
firewall. I find this combination very effective at blocking all kinds
of P2P sharing networks. It also blocks adware and spyware and scans
http and ftp file transfers for virus and other oddities. Even kills 3rd
party browser tool bars. It took me several weeks of refining the
policy mostly figuring out what to unblock. But since I have installed
it, the number of exploits on our network of 2000 work stations has
dropped to almost zero. Its not an inexpensive solution but it is
working great. |
|
| Back to top |
|
|
Jose Maria Lopez Hernande
Guest
|
| Posted:
Mon Jan 17, 2005 6:08 pm Post subject:
Re: Blocking Warez P2P |
|
|
Mark S wrote:
| Quote: | L7 firewalls are much more affordable these days, both Netscreen & Sonicwall
offer built in IDP which will detect and drop P2P traffic, even on their
entry level boxes.
|
You can drop some of the p2p traffic with ACLs in Squid, and also
there's L7 filtering in Linux. I haven't tried yet, so I can tell
how good it is.
--
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAŅA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road" |
|
| Back to top |
|
|
Greg Hennessy
Guest
|
| Posted:
Mon Jan 17, 2005 6:43 pm Post subject:
Re: Blocking Warez P2P |
|
|
On Mon, 17 Jan 2005 14:08:10 +0100, Jose Maria Lopez Hernandez
<jkerouac@bgsec.com> wrote:
| Quote: | Mark S wrote:
L7 firewalls are much more affordable these days, both Netscreen & Sonicwall
offer built in IDP which will detect and drop P2P traffic, even on their
entry level boxes.
You can drop some of the p2p traffic with ACLs in Squid,
|
Or use some of the shunning tools available for snort.
| Quote: | and also there's L7 filtering in Linux. I haven't tried yet, so I can tell
how good it is.
|
If you are referring to packet based regex in Netfilter/IPTables, it's
crap.
greg
--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone |
|
| Back to top |
|
|
Bas Keur
Guest
|
| Posted:
Tue Jan 25, 2005 11:49 pm Post subject:
Re: Blocking Warez P2P |
|
|
| Quote: | L7 firewalls are much more affordable these days, both Netscreen &
Sonicwall
offer built in IDP which will detect and drop P2P traffic, even on their
entry level boxes.
|
True, but those el'cheapo L7 boxes aren't realy as flexible as your regular
packet filter will be. So to have both you will be facing a $$$ box :)
-Bas |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in