Re: [fw-wiz] Port numbers for Peer to Peer file sharing apps.

From: Tony Howlett (thowlett@netsecuritysvcs.com)
Date: 11/20/02 

To: "Mark Whobrey" <mwhobrey@noment.net>
From: Tony Howlett <thowlett@netsecuritysvcs.com>
Date: Wed Nov 20 21:56:19 2002

Unfortunately many of the peer to peer apps are now using port 80 when
their default port is blocked. So blocking on just the port level is
getting less and less effective. You may get some of it, but more and
more the Ptp companies (and IM and other streaming stuff) are putting
everything on port 80, knowing that 90+% of organizations allow unlimited
web access. An internal IDS could help you catch some of it as many of
them have signatures for the major Ptp players. I have used the open
source IDS snort in just this fashion and it works pretty good (thought not
perfectly and if you have a ton of Ptp going on, it could be
overwelming). Being at a college, im sure you could get a couple of grad
students to stick a box together for you. You also might see if any of the
web content filtering guys are doing this. If they arent already it would
be a great add on for thier product.

Good luck!

At 04:22 PM 11/20/2002 -0800, you wrote:
>firewall-wizards@honor.icsalabs.com

Relevant Pages

  • Re: PSA vs PTP
    ... > But PTP is only one port in Malaysia, and PTP main customer is Mersk, ... > out the remaining 1 million TEU from Singapore PSA. ...
    (soc.culture.singapore)
  • Re: PSA vs PTP
    ... But PTP is only one port in Malaysia, and PTP main customer is Mersk, which ... There's also another 10 container port in Malaysia and if combined together, ... Why is PSA forging ahead now? ...
    (soc.culture.singapore)
  • China Shipping arm eyes stake in Malaysian port
    ... China Shipping Terminal Development Co. ... Malaysia's Port of Tanjung Pelepas (PTP) and West Port to buy a stake in either ...
    (soc.culture.malaysia)