IDS mailing list archives

RE: blocking p2p traffic


From: "Gary Freeman" <Gary.Freeman () rci rogers com>
Date: Thu, 4 Mar 2004 12:26:13 -0500

Snort has a feature called Flex Response (--enable-flexresp) that will
intercept a P2P session and doesn't actually 'block' connections; it
uses spoofed RSTs (when TCP traffic trips a flexresp-enabled rule) and
ICMP error messages (when UDP traffic trips a flexresp-enabled rule) to
fool the offending machine into thinking that the box on the other end
is tearing down the connection for some reason (TCP) or that the
network/box/port doesn't exist or isn't open (UDP). This feature can be
used to match IPs, URLs, ports and other regular expressions. It can be
very powerful but will eat lots of CPU cycles with large rulebases and
will dive with gig taps.

Gary Freeman
Network Security Specialist

-----Original Message-----
From: Deshpande, Yashodhan [mailto:ydeshpande () ipolicynet com] 
Sent: Wednesday, March 03, 2004 7:24 PM
To: focus-ids () securityfocus com
Subject: blocking p2p traffic

Hi,

    Any information regarding IDS/IPS software available which blocks
p2p traffic? Or in general any information regarding how to identify that
a p2p application is running and maybe configure a firewall to block such
traffic. In general it is observed that such applications do not work on
a single port and do port hopping. How to block them?

Any inputs on the same would be appreciated.


Thanks,

Yashodhan
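
The flexresp behaviour described in the reply, written out as Snort 2.x rules. This is an added example, not part of either message: the sids, the msg text and the UDP content string are constructed placeholders, and the Gnutella handshake string is used only as a sample TCP signature.

```snort
# Added example (not from the original thread). Requires a Snort 2.x
# binary built with:  ./configure --enable-flexresp
#
# Both rules match on payload content with "any" ports, because the
# question notes that P2P clients port-hop and cannot be pinned to a
# single port.

# TCP: when the rule fires, Snort spoofs RST packets to both ends
# (rst_all), so each side believes the peer tore the session down.
# rst_snd / rst_rcv reset only the sender or only the receiver.
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( \
    msg:"LOCAL P2P Gnutella handshake (constructed example)"; \
    flow:to_server,established; \
    content:"GNUTELLA CONNECT"; depth:16; \
    resp:rst_all; \
    classtype:policy-violation; \
    sid:1000001; rev:1;)

# UDP: there is no session to reset, so Snort answers the sender with
# an ICMP port-unreachable (icmp_port). icmp_net, icmp_host and
# icmp_all are the other ICMP responses the resp keyword accepts.
# The content string is a placeholder; replace it with a payload
# marker for the UDP protocol you are trying to stop.
alert udp $HOME_NET any -> $EXTERNAL_NET any ( \
    msg:"LOCAL P2P UDP traffic (constructed example)"; \
    content:"EXAMPLE-UDP-P2P-MARKER"; \
    resp:icmp_port; \
    classtype:policy-violation; \
    sid:1000002; rev:1;)
```

Every rule carrying resp adds packet-crafting work on top of content matching, which is the CPU cost the reply warns about. The spoofed RST also has to arrive while its sequence number is still valid, so a sensor that is falling behind on a fast link will miss resets.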
