On Tue, Oct 29, 2002 at 10:03:58AM -0800, Ray Olszewski wrote:
> Comments interleaved below. (I waited awhile before replying, in the hope 
> that someone who knows more about this area than I would chime in. What I 
> can offer is very limited, as you will see.)

Limited, but by no means useless... thanks :)
 
> >Now, why morpheus on the lan should result in incoming martian icmp
> >messages on eth0, I haven't any idea...(?) BUT
> 
> Me either, except to note that P2P services make a lot of connections to 
> and from poorly configured systems. If your ISP uses private address 
> 10.131.224.1 for some specialized purpose (a plausible example would be a 
> server that does PPPoE authentication), a configuration error by some 
> morpheus user elsewhere could be causing a routing error from your end. 
> Just a guess, of course.
 
Except that what I'm seeing is many different IPs, although they're
almost all in the 10.0.0.0/8 range. (I do see some 192.168.x.x. and a
couple 172's, but not nearly as many as the 10's...)
 
> >More generally;
> >
> >This being a residential network, I have no authority to block P2P apps
> >outright. So I would like some opinions/advice WRT the following:
> >
> >P2P being the potential security hazard it is, would it make sense to
> >place a P2P "proxy" in the dmz? (And try to beef up security on it)
> 
> My guess is no. Any vulnerabilities here are in the application layer of 
> closed-source software. For each P2P app to work, you have to let the app 
> connect to the Internet. In any case, I've never heard of a P2P proxy for 
> the common P2P services ... has anyone?
 
Right. Well... I'm using the term 'proxy' very loosely here; what I
meant was to set up a Windows host in the DMZ, strip it as much as
possible, load some antivirus stuff on it, and let it act as a 'buffer'
for P2P.

Then use the very useful info from oofle.com to build rules that only
allow P2P to/from *that* machine to/from the NET, throttling and all,
and only let the internal clients up/download from it. I don't know,
just an idea... :-P
 
> As to "where to begin" ... a good place to start with this sort of question 
> is at Google. A search on "Morpheus ports" turned up a ton of listings, 
> including this one:

Right... Google is our friend... I'll look more closely into these
links. Oofle looks like a great resource :)

Thanks...

I now have some leads to pursue...

Jon Clausen
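
An added example, not part of either poster's message: one way to check the observation above (many different martian sources on eth0, mostly in 10.0.0.0/8) is to tally the kernel's "martian source" log lines by private range. The log lines, host name `fw` and addresses below are constructed for illustration; the function name is hypothetical.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges, the ones mentioned in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Linux kernel message: "martian source <dst> from <src>, on dev <iface>"
MARTIAN_RE = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = """\
Oct 29 10:01:02 fw kernel: martian source 203.0.113.7 from 10.131.224.1, on dev eth0
Oct 29 10:01:05 fw kernel: martian source 203.0.113.7 from 10.4.5.6, on dev eth0
Oct 29 10:01:09 fw kernel: martian source 203.0.113.7 from 10.131.224.1, on dev eth0
Oct 29 10:02:11 fw kernel: martian source 203.0.113.7 from 192.168.1.20, on dev eth0
Oct 29 10:02:40 fw kernel: martian source 203.0.113.7 from 172.20.3.9, on dev eth0
Oct 29 10:03:00 fw kernel: martian source 192.168.1.254 from 10.9.9.9, on dev eth1
Oct 29 10:03:10 fw kernel: eth0: link up
Oct 29 10:03:30 fw kernel: martian source 203.0.113.7 from 172.32.0.1, on dev eth0
"""

def tally_martians(log_text, iface="eth0"):
    """Return (Counter of packets per range, number of distinct sources)."""
    counts = Counter()
    sources = set()
    for line in log_text.splitlines():
        m = MARTIAN_RE.search(line)
        if not m or m.group(3) != iface:
            continue  # not a martian line, or a different interface
        try:
            src = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # truncated or corrupted log line
        # 172.32.0.1 is outside 172.16.0.0/12, so it lands in "other".
        bucket = next((str(n) for n in RFC1918 if src in n), "other")
        counts[bucket] += 1
        sources.add(src)
    return counts, len(sources)

if __name__ == "__main__":
    per_range, distinct = tally_martians(SAMPLE_LOG)
    for net, n in per_range.most_common():
        print(f"{net:>16}  {n}")
    print("distinct sources:", distinct)
```

A high distinct-source count spread across one range points away from a single misconfigured ISP host and toward many remote peers leaking private source addresses.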

