TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
The PacketShaper device will indeed let you control your network traffic at a very granular level. It will auto-discover a lot of P2P applications and you can always create your own rules using protocol, subnet, host, port, flow direction, etc. I have had very good success with the PacketShapers that I manage although they are not 100% perfect. Some of the newer P2Ps are pretty sophisticated in their methods of port swapping and pushing content vs. pulling by the client. These two factors make firewall rules pretty unwieldy and, I found, overly inclusive. For example, one response to your question suggests, "<snip> ... we create 2 protocol definition In/out with the name of Imesh and block port #4000-5000 in inbound and block port #4000-5000 outbound ... <snip>" These two rules will drop all packets for 2000 total ports regardless of the traffic type. Unless you know that absolutely, positively no legitimate traffic will _ever_ be passed to/from one of these ports then this might work but, it's overkill in my opinion. Unfortunately, without richer functionality, there aren't many other alternatives. Keep in mind that the PacketShaper is not a firewall substitute, it is a bandwidth management device. The two compliment each other very well. Regards, Steve Bernard Systems Engineer George Mason University -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Robinson Sent: Friday, December 14, 2001 9:19 AM To: McClelland, Erin; 'Pedro Fernandez'; [EMAIL PROTECTED] Subject: RE: Imesh detection TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- All, Came accross this in my readings. http://www.packeteer.com/. PacketShaper allows you to monitor Layer 7 traffic and provide a QOS based on applications. It does handle iMESH, along with ICQ, AIM, MSN Messenger, Morpheous, Aimster... Looks like all of them. You should be able to throttle all such application traffic down to to 0% to stop it. Disclaimer: I neither work for nor represent this company. Stephen F. Robinson VP ISSA-LA www.issa-la.org -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of McClelland, Erin Sent: Wednesday, December 12, 2001 12:29 PM To: 'Pedro Fernandez'; [EMAIL PROTECTED] Subject: RE: Imesh detection Funny this comes around right now. I too am monitoring imesh and a few other mp3 programs. Audio Galaxy owns to class c's so blocking them at the firewall is easy (64.245.58.x 64.245.59.x). But iMesh is a little more tricky. Not to mention all the spyware that goes along with these programs (key stroke loggers, cookie stealers etc). If you monitor the network with network ice sensors you will see alot of : HTTP Several fields with Binary HTTP with Binary and after drilling down via icecap you will see alot of these will go to www.imesh.com and to various live365.com address's as well. Both are either listening/playing broadcasted music or in imesh case, sharing files accross your network. If anyone has had success with tracking these down, let us know..this issue is growing every day and short of scanning HD's at boot up and uninstalling the software, I'm not sure how to stop it. Another concerned analyst... -----Original Message----- From: Pedro Fernandez [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 12, 2001 1:44 PM To: [EMAIL PROTECTED] Subject: Imesh detection TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Hi everyone I need detect application for file sharing call "IMESH.EXE". Exists any method to stopped this application. Any ideas??? Thanks in advance Pedro Fern�ndez A. Consultor en Seguridad - ISS Certified Orion 2000 S.A.- Servicios Profesionales en Seguridad Inform�tica La Concepci�n 322 Piso 12 Providencia Santiago, Chile Fono : 56-2-6403942, Fax : 56-2-6403990 mailto:[EMAIL PROTECTED] http://www.orion.cl
