|
Title: block p2p server Post by: rcii_it on Tuesday 01 September 2009, 06:29:42 pm hi guys
how can i block use of P2P server? because it is not work in one port. Title: Re: block p2p server Post by: fdelval on Monday 19 July 2010, 01:22:34 am bump, im also interested
Title: Re: block p2p server Post by: mrkroket on Tuesday 20 July 2010, 01:05:40 am With intrusion detection service you can block some P2P traffic, no matter the port.
It reads the packets to determine if it's P2P. Go to services->Intrusion prevention. Enable the service and update the rules. Then go to Rules, and on the ruleset auto/emerging-p2p.rules Click on the alert icon (yellow triangle). After that the alert symbol will change to a red shield symbol. This means that the system now will drop P2P traffic. I tested it with Bittorrent and works fantastic, it detected my Bittorrent, warned me and dropped the packets. Just a side note. On Endian 2.3 Community there is a bug with IDS (another), not sure about 2.4. Sometimes the settings are not correctly saved and internally disables almost all rules. How to fix it: Edit the /usr/local/bin/restartsnort.py file. At about line 128, on function enabled_rule_targets(), there is a section that says enabled_targets = config_values.get('ENABLED_RULES', "") if enabled_targets == "": return [] There is some cases that the value of ENABLED_RULES is empty, don't know why. So i change that part, and place instead: enabled_targets = config_values.get('ENABLED_RULES', "") if enabled_targets == "": enabled_targets = "auto,custom" Changed the return [] line for the enabled_targets = "auto,custom" line Title: Re: block p2p server Post by: Di4bLo on Wednesday 15 February 2012, 03:49:53 am It doesn't work.
Utorrent works perfectly with the IPS on. :-( Title: Re: block p2p server Post by: nir1978 on Tuesday 24 April 2012, 08:35:56 pm Yes utorrent works perfectly !
eats up the bandwidth. I want to allow access to torrents through proxy only where I can enable time restriction. please guide Title: Re: block p2p server Post by: kashifmax on Tuesday 01 May 2012, 11:19:11 pm There are two ways. 1st as mrkroket said, 2nd Tighten your outgoing firewall rules. For example allow specific port from specific IP.
Title: Re: block p2p server Post by: Abby on Wednesday 13 November 2013, 09:24:56 pm Hello
I'm using endian 2.5.2 community Edition as an inline transparent proxy like so: Internet -> Netgear router and firewall (IP 192.168.1.10) -> Endian (192.168.1.5) -> Switch -> Client (192.168.1.99) It's running as a bridge with two NICS, both on green. I'm trying to block p2p file sharing, so have enabled p2p blocking rules as described, but utorrent still gets through! I've checked the IDS logs and snort DETECTS the traffic but does not BLOCK it!: P2P BitTorrent transfer / Potential Corporate Privacy Violation What am I missing? Thank you With intrusion detection service you can block some P2P traffic, no matter the port. It reads the packets to determine if it's P2P. Go to services->Intrusion prevention. Enable the service and update the rules. Then go to Rules, and on the ruleset auto/emerging-p2p.rules Click on the alert icon (yellow triangle). After that the alert symbol will change to a red shield symbol. This means that the system now will drop P2P traffic. I tested it with Bittorrent and works fantastic, it detected my Bittorrent, warned me and dropped the packets. Title: Re: block p2p server Post by: dda on Saturday 16 November 2013, 09:11:43 am Did you try it in non-transparent mode?
Title: Re: block p2p server Post by: Di4bLo on Friday 06 May 2016, 05:18:55 pm I have solved it blocking all UDP ports on the firewall from 1024 to 65535.
:) |