RE: blocking p2p traffic

From: Gary Freeman (Gary.Freeman_at_rci.rogers.com)
Date: 03/04/04

    Date: Thu, 4 Mar 2004 12:26:13 -0500
    To: "Deshpande, Yashodhan" <ydeshpande@ipolicynet.com>, <focus-ids@securityfocus.com>
    
    

    Snort has a feature called Flex Response (--enable-flexresp) that will
    intercept a P2P session. It doesn't actually 'block' connections; it
    uses spoofed RSTs (when TCP traffic trips a flexresp-enabled rule) and
    ICMP error messages (when UDP traffic trips a flexresp-enabled rule) to
    fool the offending machine into thinking that the box on the other end
    is tearing down the connection for some reason (TCP) or that the
    network/box/port doesn't exist or isn't open (UDP). This feature can be
    used to match IPs, URLs, ports and other regular expressions. It can be
    very powerful but will eat lots of CPU cycles with large rulebases and
    will dive with gig taps.

    Gary Freeman
    Network Security Specialist

    -----Original Message-----
    From: Deshpande, Yashodhan [mailto:ydeshpande@ipolicynet.com]
    Sent: Wednesday, March 03, 2004 7:24 PM
    To: focus-ids@securityfocus.com
    Subject: blocking p2p traffic

    Hi,

        Any information regarding IDS/IPS software available which blocks
    p2p traffic? Or in general any information regarding how to identify p2p
    application is running and maybe configure firewall to block such
    traffic. In general it is observed that such applications do not work on
    a single port and do port hopping. How to block them?

    Any inputs on the same would be appreciated.

    Thanks,

    Yashodhan
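
    Rules of the kind the reply describes, as an added example that is not part of the original thread. It assumes Snort 2.x built with --enable-flexresp; the sid values, msg strings and the UDP content marker are constructed for illustration.

    ```snort
    # Added example (not from the thread). Assumes Snort 2.x compiled with
    # --enable-flexresp. sids are in the local range (>= 1000000), constructed.

    # TCP: Gnutella handshake. On a match Snort sends spoofed RSTs to both
    # ends, so each side believes the other tore the connection down.
    alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P Gnutella connect, flexresp reset"; flow:to_server,established; content:"GNUTELLA CONNECT"; depth:40; resp:rst_all; classtype:policy-violation; sid:1000001; rev:1;)

    # TCP: BitTorrent peer handshake (length byte 0x13, then the protocol string).
    alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P BitTorrent handshake, flexresp reset"; flow:to_server,established; content:"|13|BitTorrent protocol"; depth:20; resp:rst_all; classtype:policy-violation; sid:1000002; rev:1;)

    # UDP: there is no connection to reset, so the response is an ICMP
    # port-unreachable sent back to the sender.
    # The content string below is a constructed placeholder, not a real signature.
    alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P UDP probe (constructed signature), flexresp ICMP"; content:"EXAMPLE-P2P-UDP-MARKER"; resp:icmp_port; classtype:policy-violation; sid:1000003; rev:1;)
    ```

    The rules match on payload with ports left as any because, as the original question notes, these applications hop ports. The sensor needs an interface that can transmit, since a receive-only tap cannot send the spoofed RST or ICMP packets.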
