Re: blocking gnutella

2004-09-15 Thread Brent Bolin
[EMAIL PROTECTED] (Jason Dixon) wrote in message news:[EMAIL PROTECTED]...
 On Sep 14, 2004, at 3:33 PM, Bryan Irvine wrote:
 
  I can't seem to get gnutella to break.
 
  gnutella = { 6346 6348 8436 }
  block out quick proto { udp tcp } from any to any port $gnutella
  block in quick proto { udp tcp } from any to any port $gnutella
 
  pftop still shows connection on 6346 though, ideas?
 
 I think this thread is still germane:
 http://marc.theaimsgroup.com/?l=openbsd-pfm=104592911709710w=2

Don't try to block it.  It's a port hopper.  Instead make it painful
for the users that use it.  Altq is your friend.

They will go home and do their file sharing there.

btb


Re: blocking gnutella

2004-09-15 Thread Jason Dixon
On Sep 15, 2004, at 12:23 PM, Brent Bolin wrote:
[EMAIL PROTECTED] (Jason Dixon) wrote in message 
news:DCB03664-06A3-11D9-933E
I think this thread is still germane:
http://marc.theaimsgroup.com/?l=openbsd-pfm=104592911709710w=2
Don't try to block it.  It's a port hopper.  Instead make it painful
for the users that use it.  Altq is your friend.
Isn't that what I just said (in the link)?
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net


Re: blocking gnutella

2004-09-15 Thread Bryan Irvine
Does altq work well with carp yet?  I remember hearing some painful
stories a while back.

--Bryan


On 15 Sep 2004 09:23:29 -0700, Brent Bolin [EMAIL PROTECTED] wrote:
 [EMAIL PROTECTED] (Jason Dixon) wrote in message news:[EMAIL PROTECTED]...
  On Sep 14, 2004, at 3:33 PM, Bryan Irvine wrote:
 
   I can't seem to get gnutella to break.
  
   gnutella = { 6346 6348 8436 }
   block out quick proto { udp tcp } from any to any port $gnutella
   block in quick proto { udp tcp } from any to any port $gnutella
  
   pftop still shows connection on 6346 though, ideas?
 
  I think this thread is still germane:
  http://marc.theaimsgroup.com/?l=openbsd-pfm=104592911709710w=2
 
 Don't try to block it.  It's a port hopper.  Instead make it painful
 for the users that use it.  Altq is your friend.
 
 They will go home and do their file sharing there.
 
 btb



RE: blocking gnutella

2004-09-14 Thread Amir S Mesry
A little bit more info would help people on the list; maybe post your
pf.conf with IPs xxx.xxx'd out and a simple diagram of your network
setup. It looks like you're possibly not blocking on the internal
interface, from what you're describing.

Amir Mesry
[EMAIL PROTECTED]
Cadillac Jack, Inc.
http://www.cadillacjack.com/
Network & Systems Administrator
2420 Meadowbrook Parkway
Duluth, GA 30096
770-865-0034 
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Bryan Irvine
Sent: Tuesday, September 14, 2004 3:34 PM
To: [EMAIL PROTECTED]
Subject: blocking gnutella

I can't seem to get gnutella to break.

gnutella = { 6346 6348 8436 }
block out quick proto { udp tcp } from any to any port $gnutella
block in quick proto { udp tcp } from any to any port $gnutella

pftop still shows connection on 6346 though, ideas?

--Bryan




Re: blocking gnutella

2004-09-14 Thread Jason Opperisano
On Tue, 2004-09-14 at 15:33, Bryan Irvine wrote:
 I can't seem to get gnutella to break.
 
 gnutella = { 6346 6348 8436 }
 block out quick proto { udp tcp } from any to any port $gnutella
 block in quick proto { udp tcp } from any to any port $gnutella
 
 pftop still shows connection on 6346 though, ideas?
 
 --Bryan

pftop still shows new connections being established or still shows old
connections that were established before you implemented the new rules
and didn't flush the state table or kill the individual states?

-j

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
It has been said that Public Relations is the art of winning friends and
getting people under the influence. -- Jeremy Tunstall
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
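An added example (not posted by anyone on this thread) that ties together Jason Opperisano's point about stale states and Brent Bolin's suggestion to throttle with altq instead of blocking: a pf.conf fragment in the OpenBSD 3.x syntax of the time. The interface names fxp0/fxp1 and the 10Mb uplink figure are assumptions; the port list is the one from Bryan's original post, quoted as pf.conf expects for a list macro.

```pf
# Added example, not from the thread. fxp0, fxp1 and 10Mb are assumptions.
ext_if   = "fxp0"
int_if   = "fxp1"
gnutella = "{ 6346 6348 8436 }"

# Option 1 (Brent's suggestion): do not block, starve. Traffic to the
# well-known Gnutella ports leaves the box through a 5% queue; everything
# else gets the default queue. A client that hops to another port escapes
# the queue, so this raises the cost of running it rather than stopping it.
altq on $ext_if cbq bandwidth 10Mb queue { std, p2p }
queue std bandwidth 95% cbq(default)
queue p2p bandwidth 5%

pass out on $ext_if proto tcp from any to any port $gnutella keep state queue p2p
pass out on $ext_if proto udp from any to any port $gnutella keep state queue p2p

# Option 2 (the original intent, made interface-specific): block on the
# inside interface as well as the outside one, since LAN traffic arrives
# "in" on $int_if before it ever goes "out" on $ext_if. Use one option or
# the other; with both loaded, the quick block rules win.
# block in quick on $int_if proto { tcp udp } from any to any port $gnutella
# block in quick on $ext_if proto { tcp udp } from any to any port $gnutella
```

Whichever option you load, remember what Jason Opperisano is asking about: `pfctl -f /etc/pf.conf` replaces the rules but leaves existing state entries alone, so a connection on 6346 that was established before the reload keeps showing in pftop until it times out. Run `pfctl -F states` afterwards (or `pfctl -k <host>` to kill only the states belonging to one address) and then check `pfctl -s states` to confirm that only newly matched traffic appears.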


Re: blocking gnutella

2004-09-14 Thread interval
Gnutella is a slippery protocol; being peer to peer, it's highly
network configurable. It's not always a simple matter of blocking
a particular port. If you're handy with network programming (with
perl or java or any network-useful language) you might want to
consider blocking unwanted protocols by setting up a daemon or
similar utility to sniff for protocol fingerprints and reject
them at the application layer. All protocols announce what they
are in the first few packets (at least I'm pretty sure they all
do...) 

Of course this method will become useless when p2p developers
start using SSL and other secure transport methods, which they
are bound to do soon. 

Amir S Mesry writes:
A little bit more info would help people on the list; maybe post your
pf.conf with IPs xxx.xxx'd out and a simple diagram of your network
setup. It looks like you're possibly not blocking on the internal
interface, from what you're describing. 

Amir Mesry
[EMAIL PROTECTED]
Cadillac Jack, Inc.
http://www.cadillacjack.com/
Network & Systems Administrator
2420 Meadowbrook Parkway
Duluth, GA 30096
770-865-0034 
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Bryan Irvine
Sent: Tuesday, September 14, 2004 3:34 PM
To: [EMAIL PROTECTED]
Subject: blocking gnutella 

I can't seem to get gnutella to break. 

gnutella = { 6346 6348 8436 }
block out quick proto { udp tcp } from any to any port $gnutella
block in quick proto { udp tcp } from any to any port $gnutella 

pftop still shows connection on 6346 though, ideas? 

--Bryan


Re: blocking gnutella

2004-09-14 Thread Jason Dixon
On Sep 14, 2004, at 3:33 PM, Bryan Irvine wrote:
I can't seem to get gnutella to break.
gnutella = { 6346 6348 8436 }
block out quick proto { udp tcp } from any to any port $gnutella
block in quick proto { udp tcp } from any to any port $gnutella
pftop still shows connection on 6346 though, ideas?
I think this thread is still germane:
http://marc.theaimsgroup.com/?l=openbsd-pfm=104592911709710w=2
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net