block p2p server

[Guest]

[rcii_it]

hi guys
how can i block use of P2P server?
because it is not work in one port.

[fdelval]

bump, im also interested

[mrkroket]

With intrusion detection service you can block some P2P traffic, no matter the port.
It reads the packets to determine if it's P2P.

Go to services->Intrusion prevention.
Enable the service and update the rules. Then go to Rules, and on the ruleset auto/emerging-p2p.rules Click on the alert icon (yellow triangle). After that the alert symbol will change to a red shield symbol. This means that the system now will drop P2P traffic.
I tested it with Bittorrent and works fantastic, it detected my Bittorrent, warned me and dropped the packets.

Just a side note. On Endian 2.3 Community there is a bug with IDS (another), not sure about 2.4.
Sometimes the settings are not correctly saved and internally disables almost all rules.

How to fix it:
Edit the /usr/local/bin/restartsnort.py file. At about line 128, on function enabled_rule_targets(), there is a section that says

enabled_targets = config_values.get('ENABLED_RULES', "")
    if enabled_targets == "":
        return []

There is some cases that the value of ENABLED_RULES is empty, don't know why.
So i change that part, and place instead:
    enabled_targets = config_values.get('ENABLED_RULES', "")
    if enabled_targets == "":
        enabled_targets = "auto,custom"

Changed the return [] line for the enabled_targets = "auto,custom" line

[Di4bLo]

It doesn't work.
Utorrent works perfectly with the IPS on.

:-(

[nir1978]

Yes utorrent works perfectly !

eats up the bandwidth. I want to allow access to torrents through proxy only where I can enable time restriction. please guide

[kashifmax]

There are two ways. 1st as mrkroket said, 2nd Tighten your outgoing firewall rules. For example allow specific port from specific IP.

[Abby]

Hello

I'm using endian 2.5.2 community Edition as an inline transparent proxy like so:

Internet -> Netgear router and firewall (IP 192.168.1.10) -> Endian (192.168.1.5) -> Switch -> Client (192.168.1.99)

It's running as a bridge with two NICS, both on green.

I'm trying to block p2p file sharing, so have enabled p2p blocking rules as described, but utorrent still gets through!

I've checked the IDS logs and snort DETECTS the traffic but does not BLOCK it!:

P2P BitTorrent transfer / Potential Corporate Privacy Violation

What am I missing?

Thank you

With intrusion detection service you can block some P2P traffic, no matter the port.
It reads the packets to determine if it's P2P.

Go to services->Intrusion prevention.
Enable the service and update the rules. Then go to Rules, and on the ruleset auto/emerging-p2p.rules Click on the alert icon (yellow triangle). After that the alert symbol will change to a red shield symbol. This means that the system now will drop P2P traffic.
I tested it with Bittorrent and works fantastic, it detected my Bittorrent, warned me and dropped the packets.

[dda]

Did you try it in non-transparent mode?

[Di4bLo]

I have solved it blocking all UDP ports on the firewall from 1024 to 65535.