block p2p traffic
Bill
beau at billbeau.net
Tue Jun 8 21:52:19 UTC 2010
I think mrtg is a little better. It graphs it out for ya so you can see
where the peaks are. It is a fantastic tool to see in a quick glance
what is going on with traffic and loads. If your working in say a data
center where you need to monitor several routers you can graph each and
every port. It was a great tool for DOS attacks we could see real quick
where the trouble was.
On 6/8/2010 11:32 AM, Jorge Armando Medina wrote:
> Bill wrote:
>
>> I also use snmp and mrtg. I like seeing how much traffic is coming
>> through during the night.
>>
>>
> vnstat is good for that, here a example:
>
> # vnstat -i eth1 -d
>
> eth1 / daily
>
> day rx | tx | total
> ------------------------+-------------+----------------------------------------
> 10.05. 1.55 GB | 614.03 MB | 2.15 GB %%%%%%:::
> 11.05. 1.95 GB | 830.82 MB | 2.76 GB %%%%%%%%::::
> 12.05. 1.79 GB | 897.25 MB | 2.66 GB %%%%%%%%::::
> 13.05. 1.75 GB | 885.00 MB | 2.61 GB %%%%%%%::::
> 14.05. 2.31 GB | 845.42 MB | 3.14 GB %%%%%%%%%%::::
> 15.05. 504.79 MB | 372.75 MB | 877.54 MB %%:
> 16.05. 43.93 MB | 92.58 MB | 136.51 MB
> 17.05. 1.35 GB | 746.94 MB | 2.08 GB %%%%%%:::
> 18.05. 1.91 GB | 1.14 GB | 3.05 GB %%%%%%%%:::::
> 19.05. 1.38 GB | 943.80 MB | 2.30 GB %%%%%%::::
> 20.05. 1.29 GB | 852.66 MB | 2.12 GB %%%%%::::
> 21.05. 1.40 GB | 729.03 MB | 2.11 GB %%%%%%:::
> 22.05. 394.85 MB | 280.23 MB | 675.08 MB %%:
> 23.05. 78.72 MB | 184.89 MB | 263.61 MB :
> 24.05. 1.42 GB | 838.88 MB | 2.24 GB %%%%%%::::
> 25.05. 1.50 GB | 871.23 MB | 2.35 GB %%%%%%::::
> 26.05. 1.61 GB | 893.04 MB | 2.48 GB %%%%%%%::::
> 27.05. 1.67 GB | 993.82 MB | 2.65 GB %%%%%%%%::::
> 28.05. 1.57 GB | 1.71 GB | 3.29 GB %%%%%%%::::::::
> 29.05. 718.45 MB | 360.40 MB | 1.05 GB %%%:
> 30.05. 44.14 MB | 81.51 MB | 125.65 MB
> 31.05. 1.04 GB | 775.54 MB | 1.80 GB %%%%%:::
> 01.06. 1.15 GB | 642.65 MB | 1.78 GB %%%%%:::
> 02.06. 1.56 GB | 1.12 GB | 2.68 GB %%%%%%%:::::
> 03.06. 3.85 GB | 1.62 GB | 5.47 GB
> %%%%%%%%%%%%%%%%%%:::::::
> 04.06. 2.32 GB | 1.49 GB | 3.81 GB %%%%%%%%%%:::::::
> 05.06. 876.30 MB | 449.40 MB | 1.29 GB %%%::
> 06.06. 117.62 MB | 158.43 MB | 276.05 MB :
> 07.06. 1.99 GB | 1.38 GB | 3.37 GB %%%%%%%%%::::::
> 08.06. 981.30 MB | 712.62 MB | 1.65 GB %%%%:::
> ------------------------+-------------+----------------------------------------
> estimated 1.70 GB | 1.23 GB | 2.93 GB
>
> Best regards.
>
>> On 6/8/2010 8:52 AM, Eric Peters wrote:
>>
>>
>>> I agree, proactively monitoring your network, makes for good practice,
>>> and also peace of mind. Security through obscurity, and passive
>>> reactionary monitoring is just asking for your network to be abused.
>>> Here are just some tools that I use on a daily basis which
>>> would easily detect p2p traffic and other abuses.
>>>
>>> Ntop = /ntop/ is a network traffic probe that shows the network
>>> usage, similar to what the popular top Unix command does, but prettier!
>>> Snort = /Snort/ is a free and open source network intrusion
>>> prevention system (NIPS) and network intrusion detection system (NIDS)
>>> Snorby = Great front end for Snort, I'm currently working on a howto
>>> for this under Ubuntu 10.4
>>> ET Rules = Emerging Threats is an open source community project with
>>> the fastest moving and most diverse Snort Signature set and firewall
>>> rules available
>>> Wireshark = /Wireshark/ is a network protocol analyzer
>>> nmap = Security Scanner For Network Exploration& computer scanning
>>>
>>> I'm curious as to what everyone else is using? Did I leave anything out?
>>> What's your thoughts on this subject?
>>>
>>>
>>> Cheers,
>>> Eric
>>>
>>>
>>> On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders<dsanders at jsu.edu
>>> <mailto:dsanders at jsu.edu>> wrote:
>>>
>>> I second Paul that is the way to go, once one finds out they have
>>> eyes on them, it "can" fix it's self. We had a problem with an
>>> individual serving up files and the big bad record industry sent a
>>> letter. That gave us the right to cut the user off. Once turned back
>>> on behavior changed. You will get some flack on the front end but
>>> over time a majority of the community will get in line.
>>>
>>> Danny Michael Sanders
>>> IT Support Analyst
>>>
>>> ----- "Paul Graydon"<paul at paulgraydon.co.uk
>>> <mailto:paul at paulgraydon.co.uk>> wrote:
>>> > That will help, but realistically you're going to have to block
>>> every "high port" to stop P2P through that method.
>>> >
>>> > The only way to effectively block P2P is to do packet sniffing
>>> and analysis.. and that's just one big hassle.
>>> >
>>> > My belief is this is usually the wrong way to tackle the problem,
>>> looking for a technical solution to a human resource problem.
>>> > User education (and LARTing if necessary) is the key. Using
>>> software like Cacti to monitor and graph per-port traffic stats,
>>> identify the largest bandwidth users and then focus on them and find
>>> out just why they're using up so much bandwidth.
>>> > It's remarkable just how soon the problem all goes away after you
>>> find just one or two individuals who are abusing the network
>>> infrastructure and explain to them what the disciplinary procedures
>>> are (or enact if it's appropriate and you have concrete evidence.)
>>> The message soon spreads!
>>> >
>>> > Paul
>>> >
>>> > On 06/04/2010 05:03 AM, Greyson Farias wrote:
>>>
>>> Hello,
>>> >
>>> > You can use these iptables rules, because I don't like, don't
>>> use and I don't wanna learn ufw. hehehehehe
>>> >
>>> > # Block P2P connections
>>> > iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
>>> > iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 1981 -j DROP
>>> > iptables -A FORWARD -p udp --dport 1981 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 2037 -j DROP
>>> > iptables -A FORWARD -p udp --dport 2037 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 3501 -j DROP
>>> > iptables -A FORWARD -p udp --dport 3501 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 3531 -j DROP
>>> > iptables -A FORWARD -p udp --dport 3531 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 3587 -j DROP
>>> > iptables -A FORWARD -p udp --dport 3587 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 3955 -j DROP
>>> > iptables -A FORWARD -p udp --dport 3955 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 4242 -j DROP
>>> > iptables -A FORWARD -p udp --dport 4242 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
>>> > iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 4688 -j DROP
>>> > iptables -A FORWARD -p udp --dport 4688 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 5121 -j DROP
>>> > iptables -A FORWARD -p udp --dport 5121 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 5662 -j DROP
>>> > iptables -A FORWARD -p udp --dport 5662 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
>>> > iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
>>> > iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 6699 -j DROP
>>> > iptables -A FORWARD -p udp --dport 6699 -j DROP
>>> > iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
>>> > iptables -A FORWARD -p tcp --dport 8473 -j DROP
>>> > iptables -A FORWARD -p udp --dport 8473 -j DROP
>>> >
>>> >
>>> >
>>> >
>>> > 2010/6/4 Kaushal Shriyan<kaushalshriyan at gmail.com
>>> <mailto:kaushalshriyan at gmail.com>>
>>> >
>>>
>>> Hi,
>>> >
>>> > is there a howto for blocking p2p traffic on ubuntu 10.04
>>> server ?
>>> >
>>> > Thanks,
>>> >
>>> > Kaushal
>>> >
>>> > --
>>> > ubuntu-server mailing list
>>> > ubuntu-server at lists.ubuntu.com
>>> <mailto:ubuntu-server at lists.ubuntu.com>
>>> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>>> > More info: https://wiki.ubuntu.com/ServerTeam
>>> >
>>>
>>>
>>> >
>>>
>>> > --
>>> > Greyson Farias
>>> > Técnico em Informática - CREA/AC 9329TD
>>> > Ubuntu user
>>> > Eu prefiro receber documentos em ODF.
>>> > http://ubuntu.com/download/getubuntu
>>> > Blog Ubuntu Acre: http://ubuntu-ac.org
>>> >
>>>
>>>
>>> >
>>> >
>>>
>>> --
>>> ubuntu-server mailing list
>>> ubuntu-server at lists.ubuntu.com<mailto:ubuntu-server at lists.ubuntu.com>
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>>> More info: https://wiki.ubuntu.com/ServerTeam
>>>
>>>
>>>
>>>
>>
>>
>
>
More information about the ubuntu-server
mailing list