Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 05 December 2024, 11:35:14 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  block p2p server
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: block p2p server  (Read 49440 times)
rcii_it
Full Member
***
Offline Offline

Posts: 10


« on: Tuesday 01 September 2009, 06:29:42 pm »

hi guys
how can i block use of P2P server?
because it is not work in one port.
Logged
fdelval
Jr. Member
*
Offline Offline

Posts: 6


« Reply #1 on: Monday 19 July 2010, 01:22:34 am »

bump, im also interested
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #2 on: Tuesday 20 July 2010, 01:05:40 am »

With intrusion detection service you can block some P2P traffic, no matter the port.
It reads the packets to determine if it's P2P.

Go to services->Intrusion prevention.
Enable the service and update the rules. Then go to Rules, and on the ruleset auto/emerging-p2p.rules Click on the alert icon (yellow triangle). After that the alert symbol will change to a red shield symbol. This means that the system now will drop P2P traffic.
I tested it with Bittorrent and works fantastic, it detected my Bittorrent, warned me and dropped the packets.

Just a side note. On Endian 2.3 Community there is a bug with IDS (another), not sure about 2.4.
Sometimes the settings are not correctly saved and internally disables almost all rules.

How to fix it:
Edit the /usr/local/bin/restartsnort.py file. At about line 128, on function enabled_rule_targets(), there is a section that says

enabled_targets = config_values.get('ENABLED_RULES', "")
    if enabled_targets == "":
        return []


There is some cases that the value of ENABLED_RULES is empty, don't know why.
So i change that part, and place instead:
    enabled_targets = config_values.get('ENABLED_RULES', "")
    if enabled_targets == "":
        enabled_targets = "auto,custom"

Changed the return [] line for the enabled_targets = "auto,custom" line
Logged
Di4bLo
Full Member
***
Offline Offline

Posts: 39


« Reply #3 on: Wednesday 15 February 2012, 03:49:53 am »

It doesn't work.
Utorrent works perfectly with the IPS on.

:-(
Logged
nir1978
Jr. Member
*
Offline Offline

Posts: 7


« Reply #4 on: Tuesday 24 April 2012, 08:35:56 pm »

Yes utorrent works perfectly !

eats up the bandwidth. I want to allow access to torrents through proxy only where I can enable time restriction. please guide
Logged
kashifmax
Sr. Member
****
Offline Offline

Gender: Female
Posts: 108


« Reply #5 on: Tuesday 01 May 2012, 11:19:11 pm »

There are two ways. 1st as mrkroket said, 2nd Tighten your outgoing firewall rules. For example allow specific port from specific IP.
Logged
Abby
Jr. Member
*
Offline Offline

Posts: 1


« Reply #6 on: Wednesday 13 November 2013, 09:24:56 pm »

Hello

I'm using endian 2.5.2 community Edition as an inline transparent proxy like so:

Internet -> Netgear router and firewall (IP 192.168.1.10) -> Endian (192.168.1.5) -> Switch -> Client (192.168.1.99)

It's running as a bridge with two NICS, both on green.

I'm trying to block p2p file sharing, so have enabled p2p blocking rules as described, but utorrent still gets through!

I've checked the IDS logs and snort DETECTS the traffic but does not BLOCK it!:

P2P BitTorrent transfer / Potential Corporate Privacy Violation

What am I missing?

Thank you

With intrusion detection service you can block some P2P traffic, no matter the port.
It reads the packets to determine if it's P2P.

Go to services->Intrusion prevention.
Enable the service and update the rules. Then go to Rules, and on the ruleset auto/emerging-p2p.rules Click on the alert icon (yellow triangle). After that the alert symbol will change to a red shield symbol. This means that the system now will drop P2P traffic.
I tested it with Bittorrent and works fantastic, it detected my Bittorrent, warned me and dropped the packets.

Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #7 on: Saturday 16 November 2013, 09:11:43 am »

Did you try it in non-transparent mode?
Logged
Di4bLo
Full Member
***
Offline Offline

Posts: 39


« Reply #8 on: Friday 06 May 2016, 05:18:55 pm »

I have solved it blocking all UDP ports on the firewall from 1024 to 65535.
 Smiley
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.172 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com