4. Block P2P seems like mission impossible

Block P2P seems like mission impossible

  • R

    Hi everyone

    I have one machine running Pfsense it´s working as gateway and also doing the PPPoe connecting to my ISP.(wan PPPoe)

    I am trying to block all P2P(all is very hard but at least the most common) ,i am using snort and i checked the snort rulles and the correct ports to block are configured ad block offenders is enable.But it does not block everything it blocks the P2P Upload (in the emule case) but it does not block the download.  >:(

    I allready read somewhere in the forum that some P2P use also htttp does this mean it's a mission impossible to compleatly block it. ???

    thanks

    0
  • M

    you could proxy the http connections, that should block out the p2p apps trying to use that port, or you could write something like Checkpoints Smartdefense for pfsense ;)

    0
  • C

    There's no way to completely block P2P, even if we did have something like CheckPoint SmartDefense, because a lot of P2P apps now can encrypt their traffic and run over common ports, so it looks no different from say HTTPS or a VPN connection.

    The unencrypted ones should be blockable with snort, but I'm not familiar with that.

    0
  • H

    The snort package has some p2p detection rules. In combination with the block offenders checkbox you can shut some of this traffic down (unless it's using the "stealth" techniques cmb already mentioned).

    0
  • S

    I have tried to use snort to block p2p but often the first ip in the alert is my wan IP.  (which is white listed)  Is it possible to have snort block both IPs in the alert?

    0
  • G

    Have you looked into a packet shaping appliance. I'm not sure if you want to spend much money, but shaping can at least help control P2P. You can get something like a netequalizer for a few thousand dollars.

    0
  • S

    We don't want to slowdown the p2p we want to stop the most common apps from working at all.  It seems that snort would be perfect for this if only it could be set to block both the src and dst ips when an alert is generated.

    0
  • H

    hi

    using  traffic quota for every user, and if the traffic exceed the quota then his internet will be blocked or slow down to minimum bandwidth.

    hadi57

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy