No they do not. That's the *tricky* part about blocking p2p. Emule(edonkey 2000) for instance, can use any TCP/UDP at the user's choice. Blocking sucessfully p2p requires layer 7 data inspection, and even with that, it's not 100% successful.
IMHO the best freeware solutions are: 1-snort, just for client identifition. Using Snort-inline for blocking p2p is dangerous and can potentially DoS your firewall. 2- ipp2p module for netfilter, which is neither 100% compatible with all kernel versions, nor has a good p2p identification support. 3- the best one, layer 7 QoS module for netfilter, which has support for a lot of protocols, including many p2p protocols. 4-ipcop firewall with the module above. Paid ones: 1-Packeteer 2-Floodgate for Checkpoint Fw-1 3-Smoothwall firewall Alex > -----Original Message----- > From: Lachlan Bowes [mailto:[EMAIL PROTECTED] > Sent: 03 December 2005 07:43 > To: ahmad mubarak > Cc: [email protected] > Subject: Re: IM & P2P packets > > Probably one of the simplest and cheapest things you could do would be > to sniff data on your network for certain ports. All the P2P software > use unique ports, get a list of say the top20 P2P networks and their > ports and you'll probably the get results you're after. > > If you have an IDS you could configure some signatures to alarm on per > port/per session traffic. > > Regards, > Lachlan > > On Tue, 2005-11-29 at 08:06 +0300, ahmad mubarak wrote: > > hi all > > > > i am new in infoSec field so my boss asked me to give him > > a list of IM and P2P users in our network > > > > i searched the Internet to find any tool to help in this task but no > result > > > > so is there any one can help !!! to achieve this task > > > > ideas , tools , procedures will appreciated > > > > > > thanx > > > > ------------------------------------------------------------------------ > > Test Your IDS > > > > Is your IDS deployed correctly? > > Find out quickly and easily by testing it > > with real-world attacks from CORE IMPACT. > > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > > to learn more. > > ------------------------------------------------------------------------ > > > > > > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > to learn more. > ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
