Couple of questions
-
1 : How can I add additional protocols to the list of 'blockable' protocols? I am keen to be able to stop peer to peer file sharing such as bittorrent / edonkey, chat services and media streaming i.e. internet radio / YouTube on certain addresses (guests who think bandwidth is free). I don't want to stop their access but I do want to tighten things up.
2 : Too tired to read - how do you access the files on the pfSense box WITHOUT using the console - I have pfSense running on an old Dell server in a black hole with no keyboard / mouse screen or otherwise - is it possible somehow to get a 'terminal' window or remote console session going?
3 : Does anyone know of a decent syslog app that's reasonably well featured and uses SQL - and doesn't require a mortgage to buy?
-
"couple" means two ;)
-
;D
I thought of another and was too lazy to go back up ::)
-
-
You mean application protocol? Snort is probably the only way to do that, if you can signature the protocol you want to block (which is non trivial)
-
Yes, SSH
-
For what OS? ISTR that Syslog-NG will do that.
-
-
Thanks, I am sure a bit of tracking and packet capture will help the fingerprinting but somebody must have done the common ones - there aren't many in the drop down list anyway.
ssh - thanks - I knew there must be an easier way.
As part of the website hosting I have a full cream SQL server and I am hosting using Server 2008 currently. I do plan to move across to a Linux / Apache platform and use some sort of CMS but for now I am stuck with Server 2003 or 2008 as an OS. I will check Syslog-NG out, thanks.
-
Those "common ones" are shorthands for well known ports. That's all - there's nothing to do with the actual application signatures.
-
I guess I was hoping to use port number in combination with IP address since apps like messenger and a few others now try to sneak out on port 80.
The problem for me on the port rule is that occasionally apps like the ftp server will try to use these 'banned' ports.
So far I have settled for tracert'ing all the well known ones and building their IP address into an alias for blocking.
As for the p2p I have gone into traffic shaping and set the upload / download allowance to zero.