block p2p traffic
Bill
bassbuster at billbeau.net
Tue Jun 8 16:51:08 UTC 2010
I also use snmp and mrtg. I like seeing how much traffic is coming
through during the night.
On 6/8/2010 8:52 AM, Eric Peters wrote:
> I agree, proactively monitoring your network makes for good practice
> and also peace of mind. Security through obscurity and passive
> reactionary monitoring is just asking for your network to be abused.
> Here are just some tools that I use on a daily basis which
> would easily detect p2p traffic and other abuses.
>
> Ntop = /ntop/ is a network traffic probe that shows the network
> usage, similar to what the popular top Unix command does, but prettier!
> Snort = /Snort/ is a free and open source network intrusion
> prevention system (NIPS) and network intrusion detection system (NIDS)
> Snorby = Great front end for Snort, I'm currently working on a howto
> for this under Ubuntu 10.4
> ET Rules = Emerging Threats is an open source community project with
> the fastest moving and most diverse Snort Signature set and firewall
> rules available
> Wireshark = /Wireshark/ is a network protocol analyzer
> nmap = Security Scanner For Network Exploration & computer scanning
>
> I'm curious as to what everyone else is using? Did I leave anything out?
> What are your thoughts on this subject?
>
>
> Cheers,
> Eric
>
>
> On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders <dsanders at jsu.edu> wrote:
>
> I second Paul; that is the way to go. Once one finds out they have
> eyes on them, it "can" fix itself. We had a problem with an
> individual serving up files and the big bad record industry sent a
> letter. That gave us the right to cut the user off. Once turned back
> on, behavior changed. You will get some flak on the front end but
> over time a majority of the community will get in line.
>
> Danny Michael Sanders
> IT Support Analyst
>
> ----- "Paul Graydon" <paul at paulgraydon.co.uk> wrote:
> > That will help, but realistically you're going to have to block
> > every "high port" to stop P2P through that method.
> >
> > The only way to effectively block P2P is to do packet sniffing
> > and analysis... and that's just one big hassle.
> >
> > My belief is this is usually the wrong way to tackle the problem,
> > looking for a technical solution to a human resource problem.
> > User education (and LARTing if necessary) is the key. Using
> > software like Cacti to monitor and graph per-port traffic stats,
> > identify the largest bandwidth users and then focus on them and find
> > out just why they're using up so much bandwidth.
> > It's remarkable just how soon the problem all goes away after you
> > find just one or two individuals who are abusing the network
> > infrastructure and explain to them what the disciplinary procedures
> > are (or enact if it's appropriate and you have concrete evidence.)
> > The message soon spreads!
> >
> > Paul
> >
> > On 06/04/2010 05:03 AM, Greyson Farias wrote:
> >
> > Hello,
> >
> > You can use these iptables rules, because I don't like, don't
> > use and I don't wanna learn ufw. hehehehehe
> >
> > # Block P2P connections
> > iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
> > iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
> > iptables -A FORWARD -p tcp --dport 1981 -j DROP
> > iptables -A FORWARD -p udp --dport 1981 -j DROP
> > iptables -A FORWARD -p tcp --dport 2037 -j DROP
> > iptables -A FORWARD -p udp --dport 2037 -j DROP
> > iptables -A FORWARD -p tcp --dport 3501 -j DROP
> > iptables -A FORWARD -p udp --dport 3501 -j DROP
> > iptables -A FORWARD -p tcp --dport 3531 -j DROP
> > iptables -A FORWARD -p udp --dport 3531 -j DROP
> > iptables -A FORWARD -p tcp --dport 3587 -j DROP
> > iptables -A FORWARD -p udp --dport 3587 -j DROP
> > iptables -A FORWARD -p tcp --dport 3955 -j DROP
> > iptables -A FORWARD -p udp --dport 3955 -j DROP
> > iptables -A FORWARD -p tcp --dport 4242 -j DROP
> > iptables -A FORWARD -p udp --dport 4242 -j DROP
> > iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
> > iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
> > iptables -A FORWARD -p tcp --dport 4688 -j DROP
> > iptables -A FORWARD -p udp --dport 4688 -j DROP
> > iptables -A FORWARD -p tcp --dport 5121 -j DROP
> > iptables -A FORWARD -p udp --dport 5121 -j DROP
> > iptables -A FORWARD -p tcp --dport 5662 -j DROP
> > iptables -A FORWARD -p udp --dport 5662 -j DROP
> > iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
> > iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
> > iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
> > iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
> > iptables -A FORWARD -p tcp --dport 6699 -j DROP
> > iptables -A FORWARD -p udp --dport 6699 -j DROP
> > iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
> > iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
> > iptables -A FORWARD -p tcp --dport 8473 -j DROP
> > iptables -A FORWARD -p udp --dport 8473 -j DROP
> >
> > 2010/6/4 Kaushal Shriyan <kaushalshriyan at gmail.com>
> >
> > Hi,
> >
> > Is there a howto for blocking p2p traffic on Ubuntu 10.04
> > server?
> >
> > Thanks,
> >
> > Kaushal
> >
> > --
> > ubuntu-server mailing list
> > ubuntu-server at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> > More info: https://wiki.ubuntu.com/ServerTeam
> >
> > --
> > Greyson Farias
> > IT Technician - CREA/AC 9329TD
> > Ubuntu user
> > I prefer to receive documents in ODF.
> > http://ubuntu.com/download/getubuntu
> > Blog Ubuntu Acre: http://ubuntu-ac.org
> >
>
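
An added example, not part of any message in this thread: a shell/awk sketch of the approach Paul describes (rank the largest bandwidth users) that also reports how much of each host's traffic the destination-port list from Greyson's rules would have matched. The flow records, addresses, port 40123 and the `host dport proto bytes` input format are constructed for illustration; real input would come from a tool such as ntop or from firewall counters.

```shell
#!/bin/sh
# Constructed sample flow summaries: source host, destination port, protocol, bytes.
sample_flows() {
cat <<'EOF'
10.0.0.11 6881 tcp 52000000
10.0.0.11 40123 tcp 910000000
10.0.0.11 40123 udp 120000000
10.0.0.12 443 tcp 80000000
10.0.0.12 80 tcp 15000000
10.0.0.13 4662 tcp 300000000
10.0.0.13 443 tcp 20000000
EOF
}

# Destination ports and ranges taken from the iptables rules quoted in the thread.
BLOCKED_PORTS="1214:1215 1981 2037 3501 3531 3587 3955 4242 4661:4672 4688 5121 5662 6085:6086 6346:6347 6699 6881:6889 8473"

# Reads flow lines on stdin; prints "host total_bytes bytes_matching_port_list",
# sorted so the largest bandwidth user comes first.
top_talkers() {
  awk -v ports="$BLOCKED_PORTS" '
    BEGIN {
      n = split(ports, p, " ")
      for (i = 1; i <= n; i++) {
        m = split(p[i], r, ":")          # "lo:hi" range or a single port
        lo[i] = r[1]; hi[i] = (m == 2) ? r[2] : r[1]
      }
    }
    {
      total[$1] += $4
      for (i = 1; i <= n; i++)
        if ($2 + 0 >= lo[i] + 0 && $2 + 0 <= hi[i] + 0) { hit[$1] += $4; break }
    }
    END { for (h in total) printf "%s %.0f %.0f\n", h, total[h], hit[h] + 0 }
  ' | sort -k2,2nr
}

# Host with the highest total byte count in the sample.
top_host() { sample_flows | top_talkers | head -n 1 | cut -d' ' -f1; }

# Bytes from one host that the port list would not have matched.
unmatched_bytes() {
  sample_flows | top_talkers | awk -v h="$1" '$1 == h { printf "%.0f\n", $2 - $3 }'
}

sample_flows | top_talkers
```

In the constructed sample the heaviest host sends most of its bytes to a port outside the list, which is the gap Paul points out and the reason per-host totals are the more useful signal.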