RE: blocking p2p traffic
From: Gary Freeman (Gary.Freeman_at_rci.rogers.com)
Date: 03/04/04
- Previous message: Kurt Seifried: "Re: Any Intrusion Detection Appliances handle wired and wireless networks?"
- Maybe in reply to: Deshpande, Yashodhan: "blocking p2p traffic"
- Next in thread: josh: "RE: blocking p2p traffic"
- Reply: josh: "RE: blocking p2p traffic"
Date: Thu, 4 Mar 2004 12:26:13 -0500
To: "Deshpande, Yashodhan" <ydeshpande@ipolicynet.com>, <focus-ids@securityfocus.com>
Snort has a feature called Flex Response (--enable-flexresp) that will
intercept a P2P session. It doesn't actually 'block' connections; it
uses spoofed RSTs (when TCP traffic trips a flexresp-enabled rule) and
ICMP error messages (when UDP traffic trips a flexresp-enabled rule) to
fool the offending machine into thinking that the box on the other end
is tearing down the connection for some reason (TCP) or that the
network/box/port doesn't exist or isn't open (UDP). This feature can be
used to match IPs, URLs, ports and other regular expressions. It can be
very powerful but will eat lots of CPU cycles with large rulebases and
will dive with gig taps.
Gary Freeman
Network Security Specialist
-----Original Message-----
From: Deshpande, Yashodhan [mailto:ydeshpande@ipolicynet.com]
Sent: Wednesday, March 03, 2004 7:24 PM
To: focus-ids@securityfocus.com
Subject: blocking p2p traffic
Hi,
Any information regarding IDS/IPS software available which blocks
p2p traffic? Or, in general, any information regarding how to identify
that a p2p application is running and maybe configure a firewall to
block such traffic. In general it is observed that such applications do
not work on a single port and do port hopping. How to block them?
Any inputs on the same would be appreciated.
Thanks,
Yashodhan
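
The flexresp behaviour described in the reply above, shown as rules; this is an added example, not part of the original messages. It assumes a Snort 2.x build configured with --enable-flexresp and the usual $HOME_NET / $EXTERNAL_NET variables; the msg strings and SIDs are constructed, and the UDP rule is a port-only illustration.

```snort
# Added example: local rules for a Snort 2.x sensor built with --enable-flexresp.
# SIDs are constructed values from the local range (>= 1000000).

# TCP, any port: match the Gnutella handshake in the payload rather than a
# port number, so port hopping does not evade the rule. resp:rst_all sends
# spoofed RSTs to both ends of the session when the rule fires.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL P2P Gnutella connect"; flow:to_server,established; content:"GNUTELLA CONNECT/"; depth:17; resp:rst_all; classtype:policy-violation; sid:1000001; rev:1;)

# TCP, any port: BitTorrent peer handshake (length byte 0x13 followed by the
# protocol string), again matched on content and answered with RSTs.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL P2P BitTorrent handshake"; flow:to_server,established; content:"|13|BitTorrent protocol"; depth:20; resp:rst_all; classtype:policy-violation; sid:1000002; rev:1;)

# UDP: there is no session to reset, so flexresp answers with a spoofed ICMP
# port-unreachable to the sender. Port-only match on the Gnutella default
# port (6346), kept simple to show the UDP response type.
alert udp $HOME_NET any -> $EXTERNAL_NET 6346 (msg:"LOCAL P2P UDP to Gnutella default port"; resp:icmp_port; classtype:policy-violation; sid:1000003; rev:1;)
```

The sensor needs an interface that can inject packets toward both endpoints; on a receive-only tap the resets and ICMP errors never reach the hosts.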