P2P Blocking $300
-
I need a way to block the MOST commonly used P2P apps. This is my first time posting a bounty, so forgive me if I leave anything out.
I believe that snort should be able to do this, but snort2c needs to be modified so that it blocks both the src and dst IPs. Currently snort2c only blocks the src IP. In the case of p2p that is usually my own public IP. Since I whitelist my own IP, nothing gets blocked. But snort IS detecting the traffic AND generating alerts. Due to the way my network is organized, it is not possible to run snort on the LAN interface. If anyone can make this change to snort2c, please respond.
I am not dead set on using snort; it just seems (from my perspective) that it would be the easiest way since most of the functionality is already there. If you know of another way to block P2P traffic, I would be game.
-
Snort doesn't block traffic, it only reports it. There are modules that run on top of snort to provide that automated feature, but in the words of a great man, "it's like giving a pig a machine gun".
It won't catch everything, it may overstep its bounds, and it gives a perfect vector for someone on the outside to make you kill your own internet access by causing you to pretty much block all connections outbound. The queue feature seems to really help, and you may have better success with that by asking for a "drop" priority instead of the "low" priority, which is the best you can do without writing direct port rules.
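
An added example, not part of the original posts and not snort2c's own code: a sketch of the selection logic the bounty asks for, picking whichever side of an alert is not whitelisted, with a cap on new entries to limit the self-inflicted outage the reply warns about. It assumes Snort's "fast" alert line layout; the function names, the cap value and the sample lines (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import re

# Endpoint part of a Snort "fast" alert line: {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\{\w+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"
)

def remote_endpoints(line, whitelist):
    """Return the alert's src and dst addresses that are not whitelisted."""
    m = ALERT_RE.search(line)
    if not m:
        return []
    try:
        pair = [ipaddress.ip_address(m.group(k)) for k in ("src", "dst")]
    except ValueError:          # e.g. an octet above 255
        return []
    return [ip for ip in pair if not any(ip in net for net in whitelist)]

def build_blocklist(lines, whitelist, max_new=100):
    """Collect unique block candidates; stop and flag if max_new is reached.

    The cap bounds the damage when alerts are triggered on purpose to make
    the firewall cut off legitimate hosts.
    """
    blocked = []
    for line in lines:
        for ip in remote_endpoints(line, whitelist):
            if ip in blocked:
                continue
            if len(blocked) >= max_new:
                return blocked, True    # truncated: review before applying
            blocked.append(ip)
    return blocked, False

# Constructed sample data using documentation address ranges.
WHITELIST = [ipaddress.ip_network(n) for n in ("198.51.100.10/32", "192.168.0.0/16")]
SAMPLE = [
    "01/02-03:04:05.000001  [**] [1:1000001:1] P2P sample outbound [**] "
    "[Priority: 1] {TCP} 198.51.100.10:51234 -> 203.0.113.7:6881",
    "01/02-03:04:06.000001  [**] [1:1000002:1] P2P sample inbound [**] "
    "[Priority: 1] {UDP} 203.0.113.99:6881 -> 198.51.100.10:51234",
    "01/02-03:04:07.000001  [**] [1:1000001:1] P2P sample outbound [**] "
    "[Priority: 1] {TCP} 192.168.1.5:40000 -> 203.0.113.7:6881",
    "not an alert line",
]

if __name__ == "__main__":
    ips, truncated = build_blocklist(SAMPLE, WHITELIST)
    print([str(ip) for ip in ips], "truncated" if truncated else "complete")
```

The first sample line is the case described in the opening post: the source is the whitelisted public IP, so only the destination becomes a block candidate.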
-
Where can you ask for a "drop" priority for p2p?