block p2p traffic

Eric Peters eric at linuxsystems.net
Tue Jun 8 15:52:27 UTC 2010


I agree, proactively monitoring your network makes for good practice, and
also peace of mind. Security through obscurity and passive, reactionary
monitoring are just asking for your network to be abused. Here are just some
tools that I use on a daily basis which would easily detect p2p traffic and
other abuses.

Ntop      = ntop is a network traffic probe that shows the network usage,
            similar to what the popular top Unix command does, but prettier!
Snort     = Snort is a free and open source network intrusion prevention
            system (NIPS) and network intrusion detection system (NIDS)
Snorby    = Great front end for Snort; I'm currently working on a howto for
            this under Ubuntu 10.4
ET Rules  = Emerging Threats is an open source community project with the
            fastest moving and most diverse Snort signature set and firewall
            rules available
Wireshark = Wireshark is a network protocol analyzer
nmap      = Security scanner for network exploration & computer scanning

I'm curious as to what everyone else is using. Did I leave anything out?
What are your thoughts on this subject?


Cheers,
Eric


On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders <dsanders at jsu.edu> wrote:

> I second Paul, that is the way to go; once one finds out they have eyes on
> them, it "can" fix itself.  We had a problem with an individual serving
> up files and the big bad record industry sent a letter. That gave us the
> right to cut the user off. Once turned back on, behavior changed.  You will
> get some flak on the front end, but over time a majority of the community
> will get in line.
>
>   Danny Michael Sanders
>   IT Support Analyst
>
> ----- "Paul Graydon" <paul at paulgraydon.co.uk> wrote:
> > That will help, but realistically you're going to have to block every
> > "high port" to stop P2P through that method.
> >
> > The only way to effectively block P2P is to do packet sniffing and
> > analysis... and that's just one big hassle.
> >
> > My belief is this is usually the wrong way to tackle the problem, looking
> > for a technical solution to a human resource problem.
> > User education (and LARTing if necessary) is the key.  Using software
> > like Cacti to monitor and graph per-port traffic stats, identify the largest
> > bandwidth users and then focus on them and find out just why they're using
> > up so much bandwidth.
> > It's remarkable just how soon the problem all goes away after you find
> > just one or two individuals who are abusing the network infrastructure and
> > explain to them what the disciplinary procedures are (or enact if it's
> > appropriate and you have concrete evidence.)  The message soon spreads!
> >
> > Paul
> >
> > On 06/04/2010 05:03 AM, Greyson Farias wrote:
> >
> > Hello,
> >
> > You can use these iptables rules, because I don't like, don't use and I
> > don't wanna learn ufw. hehehehehe
> >
> > # Block P2P connections
> > iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
> > iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
> > iptables -A FORWARD -p tcp --dport 1981 -j DROP
> > iptables -A FORWARD -p udp --dport 1981 -j DROP
> > iptables -A FORWARD -p tcp --dport 2037 -j DROP
> > iptables -A FORWARD -p udp --dport 2037 -j DROP
> > iptables -A FORWARD -p tcp --dport 3501 -j DROP
> > iptables -A FORWARD -p udp --dport 3501 -j DROP
> > iptables -A FORWARD -p tcp --dport 3531 -j DROP
> > iptables -A FORWARD -p udp --dport 3531 -j DROP
> > iptables -A FORWARD -p tcp --dport 3587 -j DROP
> > iptables -A FORWARD -p udp --dport 3587 -j DROP
> > iptables -A FORWARD -p tcp --dport 3955 -j DROP
> > iptables -A FORWARD -p udp --dport 3955 -j DROP
> > iptables -A FORWARD -p tcp --dport 4242 -j DROP
> > iptables -A FORWARD -p udp --dport 4242 -j DROP
> > iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
> > iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
> > iptables -A FORWARD -p tcp --dport 4688 -j DROP
> > iptables -A FORWARD -p udp --dport 4688 -j DROP
> > iptables -A FORWARD -p tcp --dport 5121 -j DROP
> > iptables -A FORWARD -p udp --dport 5121 -j DROP
> > iptables -A FORWARD -p tcp --dport 5662 -j DROP
> > iptables -A FORWARD -p udp --dport 5662 -j DROP
> > iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
> > iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
> > iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
> > iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
> > iptables -A FORWARD -p tcp --dport 6699 -j DROP
> > iptables -A FORWARD -p udp --dport 6699 -j DROP
> > iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
> > iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
> > iptables -A FORWARD -p tcp --dport 8473 -j DROP
> > iptables -A FORWARD -p udp --dport 8473 -j DROP
> >
> > 2010/6/4 Kaushal Shriyan <kaushalshriyan at gmail.com>
> >
> > > Hi,
> > >
> > > is there a howto for blocking p2p traffic on ubuntu 10.04 server?
> > >
> > > Thanks,
> > >
> > > Kaushal
> > >
> > > --
> > > ubuntu-server mailing list
> > > ubuntu-server at lists.ubuntu.com
> > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> > > More info: https://wiki.ubuntu.com/ServerTeam
> >
> > --
> > Greyson Farias
> > Computer Technician - CREA/AC 9329TD
> > Ubuntu user
> > I prefer to receive documents in ODF.
> > http://ubuntu.com/download/getubuntu
> > Blog Ubuntu Acre: http://ubuntu-ac.org
> >
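Paul's point that port lists leave most P2P traffic untouched, and Eric's point that monitoring tools catch what firewall rules miss, can both be shown with a small script. The following is an added example, not code from anyone in this thread or from any of the tools named: it encodes the port ranges from Greyson's quoted iptables rules, checks a packet payload for the BitTorrent peer-wire handshake (the fixed prefix `\x13BitTorrent protocol`, which is the same on whatever port the client picks), and applies a flow heuristic (many distinct peers, many distinct high ports, traffic in both directions) of the kind ntop-style monitoring makes visible. The flow records, IP addresses and handshake bytes are constructed sample data; the thresholds in `flag_p2p_hosts` are assumptions to be tuned per site.

```python
"""Port rules vs. payload and flow indicators for P2P traffic (added example,
not from the mailing-list thread). All sample data below is constructed."""
from collections import defaultdict
from dataclasses import dataclass

# Port ranges from the quoted iptables FORWARD rules (same list for tcp and udp).
BLOCKED_PORT_RANGES = [
    (1214, 1215), (1981, 1981), (2037, 2037), (3501, 3501), (3531, 3531),
    (3587, 3587), (3955, 3955), (4242, 4242), (4661, 4672), (4688, 4688),
    (5121, 5121), (5662, 5662), (6085, 6086), (6346, 6347), (6699, 6699),
    (6881, 6889), (8473, 8473),
]

# BitTorrent peer-wire handshake: one length byte (19) followed by the protocol name.
BT_HANDSHAKE_PREFIX = b"\x13BitTorrent protocol"


def port_rule_matches(dport: int) -> bool:
    """Would the quoted port-based rules drop a packet to this destination port?"""
    return any(lo <= dport <= hi for lo, hi in BLOCKED_PORT_RANGES)


def is_bittorrent_handshake(payload: bytes) -> bool:
    """Payload-based check: the handshake looks the same on any port."""
    return payload.startswith(BT_HANDSHAKE_PREFIX)


@dataclass(frozen=True)
class Flow:
    src: str        # internal host
    dst: str        # remote peer
    dport: int      # remote port
    bytes_out: int  # bytes sent by the internal host
    bytes_in: int   # bytes received by the internal host


def peer_profile(flows):
    """Per internal host: (distinct peers, distinct ports above 1023, out/in byte ratio)."""
    peers = defaultdict(set)
    high_ports = defaultdict(set)
    out_bytes = defaultdict(int)
    in_bytes = defaultdict(int)
    for f in flows:
        peers[f.src].add(f.dst)
        if f.dport > 1023:
            high_ports[f.src].add(f.dport)
        out_bytes[f.src] += f.bytes_out
        in_bytes[f.src] += f.bytes_in
    profile = {}
    for host in peers:
        ratio = out_bytes[host] / max(in_bytes[host], 1)
        profile[host] = (len(peers[host]), len(high_ports[host]), ratio)
    return profile


def flag_p2p_hosts(flows, min_peers=15, min_high_ports=10, min_ratio=0.25, max_ratio=4.0):
    """Heuristic (thresholds are assumptions): many peers, many high ports and
    roughly symmetric traffic. A browser talks to few servers, mostly on 80/443,
    and mostly downloads, so it stays below these thresholds."""
    flagged = []
    for host, (n_peers, n_ports, ratio) in peer_profile(flows).items():
        if n_peers >= min_peers and n_ports >= min_high_ports and min_ratio <= ratio <= max_ratio:
            flagged.append(host)
    return sorted(flagged)


def sample_flows():
    """Constructed flows: 10.0.0.5 behaves like a P2P client, 10.0.0.9 like a browser."""
    flows = []
    for i in range(25):
        # 25 distinct peers on 25 distinct high ports, traffic in both directions
        flows.append(Flow("10.0.0.5", f"198.51.100.{i + 1}", 40000 + i * 37, 120_000, 150_000))
    for i in range(3):
        # 3 HTTPS servers, almost all traffic inbound
        flows.append(Flow("10.0.0.9", f"203.0.113.{i + 1}", 443, 4_000, 900_000))
    return flows


if __name__ == "__main__":
    # Constructed handshake: prefix + 8 reserved bytes + 20-byte info_hash + 20-byte peer_id
    handshake = BT_HANDSHAKE_PREFIX + b"\x00" * 8 + b"\xaa" * 20 + b"-XX0000-" + b"\x00" * 12
    print("port 51413 dropped by port rules?", port_rule_matches(51413))          # False
    print("port 6881 dropped by port rules?", port_rule_matches(6881))            # True
    print("handshake recognised regardless of port?", is_bittorrent_handshake(handshake))  # True
    print("flagged hosts:", flag_p2p_hosts(sample_flows()))                       # ['10.0.0.5']
```

The port check and the payload check disagree on a client that has moved to an unlisted port, which is the gap Paul describes; the flow heuristic needs no payload at all and is the sort of view a traffic probe like ntop gives, so it still works when the payload is encrypted, at the cost of false positives that have to be tuned out per site.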