block p2p traffic

Jorge Armando Medina jmedina at e-compugraf.com
Wed Jun 9 18:26:30 UTC 2010


Bill wrote:
> I think mrtg is a little better. It graphs it out for ya so you can see 
> where the peaks are. It is a fantastic tool to see in a quick glance 
> what is going on with traffic and loads. If your working in say a data 
> center where you need to monitor several routers you can graph each and 
> every port. It was a great tool for DOS attacks we could see real quick 
> where the trouble was.
>   
Hi Bill, I know and use mrtg or cacti, but mrtg wont give you info about
how many bandwidht was consumed by day, mrtg using snmp by default only
graphs transfer rates not total bandwidht used, that is why I prefer vnstat.
> On 6/8/2010 11:32 AM, Jorge Armando Medina wrote:
>   
>> Bill wrote:
>>    
>>     
>>> I also use snmp and mrtg. I like seeing how much traffic is coming
>>> through during the night.
>>>
>>>      
>>>       
>> vnstat is good for that, here a example:
>>
>> # vnstat -i eth1 -d
>>
>>   eth1  /  daily
>>
>>      day         rx      |     tx      |  total
>> ------------------------+-------------+----------------------------------------
>>     10.05.      1.55 GB  |  614.03 MB  |    2.15 GB   %%%%%%:::
>>     11.05.      1.95 GB  |  830.82 MB  |    2.76 GB   %%%%%%%%::::
>>     12.05.      1.79 GB  |  897.25 MB  |    2.66 GB   %%%%%%%%::::
>>     13.05.      1.75 GB  |  885.00 MB  |    2.61 GB   %%%%%%%::::
>>     14.05.      2.31 GB  |  845.42 MB  |    3.14 GB   %%%%%%%%%%::::
>>     15.05.    504.79 MB  |  372.75 MB  |  877.54 MB   %%:
>>     16.05.     43.93 MB  |   92.58 MB  |  136.51 MB
>>     17.05.      1.35 GB  |  746.94 MB  |    2.08 GB   %%%%%%:::
>>     18.05.      1.91 GB  |    1.14 GB  |    3.05 GB   %%%%%%%%:::::
>>     19.05.      1.38 GB  |  943.80 MB  |    2.30 GB   %%%%%%::::
>>     20.05.      1.29 GB  |  852.66 MB  |    2.12 GB   %%%%%::::
>>     21.05.      1.40 GB  |  729.03 MB  |    2.11 GB   %%%%%%:::
>>     22.05.    394.85 MB  |  280.23 MB  |  675.08 MB   %%:
>>     23.05.     78.72 MB  |  184.89 MB  |  263.61 MB   :
>>     24.05.      1.42 GB  |  838.88 MB  |    2.24 GB   %%%%%%::::
>>     25.05.      1.50 GB  |  871.23 MB  |    2.35 GB   %%%%%%::::
>>     26.05.      1.61 GB  |  893.04 MB  |    2.48 GB   %%%%%%%::::
>>     27.05.      1.67 GB  |  993.82 MB  |    2.65 GB   %%%%%%%%::::
>>     28.05.      1.57 GB  |    1.71 GB  |    3.29 GB   %%%%%%%::::::::
>>     29.05.    718.45 MB  |  360.40 MB  |    1.05 GB   %%%:
>>     30.05.     44.14 MB  |   81.51 MB  |  125.65 MB
>>     31.05.      1.04 GB  |  775.54 MB  |    1.80 GB   %%%%%:::
>>     01.06.      1.15 GB  |  642.65 MB  |    1.78 GB   %%%%%:::
>>     02.06.      1.56 GB  |    1.12 GB  |    2.68 GB   %%%%%%%:::::
>>     03.06.      3.85 GB  |    1.62 GB  |    5.47 GB
>> %%%%%%%%%%%%%%%%%%:::::::
>>     04.06.      2.32 GB  |    1.49 GB  |    3.81 GB   %%%%%%%%%%:::::::
>>     05.06.    876.30 MB  |  449.40 MB  |    1.29 GB   %%%::
>>     06.06.    117.62 MB  |  158.43 MB  |  276.05 MB   :
>>     07.06.      1.99 GB  |    1.38 GB  |    3.37 GB   %%%%%%%%%::::::
>>     08.06.    981.30 MB  |  712.62 MB  |    1.65 GB   %%%%:::
>> ------------------------+-------------+----------------------------------------
>>   estimated     1.70 GB  |    1.23 GB  |    2.93 GB
>>
>> Best regards.
>>    
>>     
>>> On 6/8/2010 8:52 AM, Eric Peters wrote:
>>>
>>>      
>>>       
>>>> I agree, proactively monitoring your network, makes for good practice,
>>>> and also peace of mind. Security through obscurity, and passive
>>>> reactionary monitoring is just asking for your network to be abused.
>>>> Here are just some tools that I use on a daily basis which
>>>> would easily detect p2p traffic and other abuses.
>>>>
>>>> Ntop        = /ntop/ is a network traffic probe that shows the network
>>>> usage, similar to what the popular top Unix command does, but prettier!
>>>> Snort       = /Snort/ is a free and open source network intrusion
>>>> prevention system (NIPS) and network intrusion detection system (NIDS)
>>>> Snorby     = Great front end for Snort, I'm currently working on a howto
>>>> for this under Ubuntu 10.4
>>>> ET Rules  = Emerging Threats is an open source community project with
>>>> the fastest moving and most diverse Snort Signature set and firewall
>>>> rules available
>>>> Wireshark = /Wireshark/ is a network protocol analyzer
>>>> nmap       = Security Scanner For Network Exploration&  computer scanning
>>>>
>>>> I'm curious as to what everyone else is using? Did I leave anything out?
>>>> What's your thoughts on this subject?
>>>>
>>>>
>>>> Cheers,
>>>> Eric
>>>>
>>>>
>>>> On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders<dsanders at jsu.edu
>>>> <mailto:dsanders at jsu.edu>>  wrote:
>>>>
>>>>      I second Paul that is the way to go, once one finds out they have
>>>>      eyes on them, it "can" fix it's self.  We had a problem with an
>>>>      individual serving up files and the big bad record industry sent a
>>>>      letter. That gave us the right to cut the user off. Once turned back
>>>>      on behavior changed.   You will get some flack on the front end but
>>>>      over time a majority of the community will get in line.
>>>>
>>>>         Danny Michael Sanders
>>>>         IT Support Analyst
>>>>
>>>>      ----- "Paul Graydon"<paul at paulgraydon.co.uk
>>>>      <mailto:paul at paulgraydon.co.uk>>  wrote:
>>>>       >  That will help, but realistically you're going to have to block
>>>>      every "high port" to stop P2P through that method.
>>>>       >
>>>>       >  The only way to effectively block P2P is to do packet sniffing
>>>>      and analysis.. and that's just one big hassle.
>>>>       >
>>>>       >  My belief is this is usually the wrong way to tackle the problem,
>>>>      looking for a technical solution to a human resource problem.
>>>>       >  User education (and LARTing if necessary) is the key.  Using
>>>>      software like Cacti to monitor and graph per-port traffic stats,
>>>>      identify the largest bandwidth users and then focus on them and find
>>>>      out just why they're using up so much bandwidth.
>>>>       >  It's remarkable just how soon the problem all goes away after you
>>>>      find just one or two individuals who are abusing the network
>>>>      infrastructure and explain to them what the disciplinary procedures
>>>>      are (or enact if it's appropriate and you have concrete evidence.)
>>>>      The message soon spreads!
>>>>       >
>>>>       >  Paul
>>>>       >
>>>>       >  On 06/04/2010 05:03 AM, Greyson Farias wrote:
>>>>
>>>>          Hello,
>>>>           >
>>>>           >  You can use these iptables rules, because I don't like, don't
>>>>          use and I don't wanna learn ufw. hehehehehe
>>>>           >
>>>>           >  # Block P2P connections
>>>>           >  iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 1981 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 1981 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 2037 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 2037 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 3501 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 3501 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 3531 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 3531 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 3587 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 3587 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 3955 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 3955 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 4242 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 4242 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 4688 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 4688 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 5121 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 5121 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 5662 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 5662 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 6699 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 6699 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
>>>>           >  iptables -A FORWARD -p tcp --dport 8473 -j DROP
>>>>           >  iptables -A FORWARD -p udp --dport 8473 -j DROP
>>>>           >
>>>>           >
>>>>           >
>>>>           >
>>>>           >  2010/6/4 Kaushal Shriyan<kaushalshriyan at gmail.com
>>>>          <mailto:kaushalshriyan at gmail.com>>
>>>>           >
>>>>
>>>>              Hi,
>>>>               >
>>>>               >  is there a howto for blocking p2p traffic on ubuntu 10.04
>>>>              server ?
>>>>               >
>>>>               >  Thanks,
>>>>               >
>>>>               >  Kaushal
>>>>               >
>>>>               >  --
>>>>               >  ubuntu-server mailing list
>>>>               >  ubuntu-server at lists.ubuntu.com
>>>>              <mailto:ubuntu-server at lists.ubuntu.com>
>>>>               >  https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>>>>               >  More info: https://wiki.ubuntu.com/ServerTeam
>>>>               >
>>>>
>>>>
>>>>           >
>>>>
>>>>           >  --
>>>>           >  Greyson Farias
>>>>           >  Técnico em Informática - CREA/AC 9329TD
>>>>           >  Ubuntu user
>>>>           >  Eu prefiro receber documentos em ODF.
>>>>           >  http://ubuntu.com/download/getubuntu
>>>>           >  Blog Ubuntu Acre: http://ubuntu-ac.org
>>>>           >
>>>>
>>>>
>>>>       >
>>>>       >
>>>>
>>>>      --
>>>>      ubuntu-server mailing list
>>>>      ubuntu-server at lists.ubuntu.com<mailto:ubuntu-server at lists.ubuntu.com>
>>>>      https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>>>>      More info: https://wiki.ubuntu.com/ServerTeam
>>>>
>>>>
>>>>
>>>>        
>>>>         
>>>      
>>>       
>>    
>>     
>
>   


-- 
Jorge Armando Medina
Computación Gráfica de México
Web: http://www.e-compugraf.com
Tel: 55 51 40 72, Ext: 124
Email: jmedina at e-compugraf.com
GPG Key: 1024D/28E40632 2007-07-26
GPG Fingerprint: 59E2 0C7C F128 B550 B3A6  D3AF C574 8422 28E4 0632


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20100609/9f9eee09/attachment.pgp>


More information about the ubuntu-server mailing list