Use snort and flexresp to reset connections. ./configure --enable-flexresp
In snort rules add alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P Outbound GNUTella client request"; flow:to_server,established; content:"GNUTELLA CONNECT"; depth:40; classtype:policy-violation; sid:556; rev:5; resp: rst_all;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P GNUTella client request"; flow:to_server,established; content:"GNUTELLA OK"; depth:40; classtype:policy-violation; sid:557; rev:6; resp: rst_all;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P Fastrack (kazaa/morpheus) traffic"; flow:to_server,established; content:"GET"; depth:3; content:"UserAgent\: KazaaClient"; reference:url,www.kazaa.com; classtype:policy-violation; sid:1699; rev:4; resp: rst_all;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P PeerEnabler traffic"; flow:to_server,established; content:"GET"; depth:3; content:"UserAgent\: PeerEnabler"; reference:url,www.joltid.com; classtype:policy-violation; sid:8972; rev:1; resp: rst_all;) Regards Eric Appelboom -----Original Message----- From: Rajveer Kushwah [mailto:[EMAIL PROTECTED] Sent: 16 January 2004 06:38 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] how to block Kazaa and peer to peer applications Hi, If u were using chkpnt NG with AI - u use SMARTDefense - which already has kazaa,yahoo,msn configured to be blocked - still u can configure these and others if u want. I think u wud have the same in FP3 - check if in smartdashboard you have the smartdefense tab alongwith security rulebase etc... Regards Rajveer > -----Original Message----- > From: Adriano Dias Leite [SMTP:[EMAIL PROTECTED] > Sent: Thursday, January 15, 2004 7:55 PM > To: [EMAIL PROTECTED] > Subject: [FW-1] how to block Kazaa and peer to peer applications > > Hi all, > Does anybody knows how to block kazaa, eMule, and this kind of > applications using checkpoint firewall-1 ng fp3? > > Thank you! > > > > Adriano Dias > Security Analyst > ( 3457-2205 > �9647-3919 > > > ================================================= > To set vacation, Out-Of-Office, or away messages, send an email to > [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your subscription options, > email [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
