Re: [fw-wiz] stop microsoft p2p
From: Michael LaPane (firstname.lastname@example.org)
To: "Robert E. Martin" <email@example.com> From: Michael LaPane <firstname.lastname@example.org> Date: Fri, 28 Mar 2003 13:55:25 -0500
Make sure you are careful with the flexresp option in snort if you go
that route - some of the kids are gonna get smart and fool your snort
sensor into killing connections to your router or mail server, etc. :-)
Automatic response with an IDS requires careful planning ;-)
But, it's probably your only option unless you come down with an iron
fist and have them boot their desktops from a server image... and you
control all of the software. Of course, things like Knoppix will help
them get past that too. Hmm, thin client computing...
Anyway, there's a tool called ettercap that does arp poisoning (like
dsniff) - you could try that - but that can be quite tedious.
On Thursday, March 27, 2003, at 08:42 AM, Robert E. Martin wrote:
> Anyone heard of a device or gizmo that replaces a hub or switch that
> can stop p2p or microsoft file sharing? scenario: two computers on the
> same segment connected via a hub or switch sharing files between
> themselves. Does not have to be music, could be data files, photos,
> copywritten data etc.. Can that be stopped?
> Robert E Martin
> IT Manager
> Fishburne Military School
> firewall-wizards mailing list
firewall-wizards mailing list