What ports does BearShare commonly use? Does it cycle through open ports? I'm not quite familiar with BearShare though I'm assuming port cycling.
Its possible you can block BearShare by sniffing for its signature through Wireshark. Skype has a signature of** 0x17030100 ( http://www1.cs.columbia.edu/~salman/publications/skype1_4.pdf). You will need to look around for BearShare's signature, or sniff your own traffic to see it. If you have Snort already in PFSense, open your web management console, then go to Services: Snort. Click on Categories, make sure that p2p.rules is checked. Check if there are rules for BearShare included that is referenced with Source: $EXTERNAL_NET. If there's none, you may need to add a Rule for it. Enabled: SID: Protocol: TCP Source: $EXTERNAL_NET Source Port: any Direction: -> Destination: $HOME_NET Destination Port: any Message: BearShare Content: <put BearShare's signature here> Class Type: policy violation Revision: 1 HTH. 2008/1/22 Jess Pepito <[EMAIL PROTECTED]>: > kinsay naa tutorial dinhi unsaon pag gamit sa pfsense with snort, para ma > block ang p2p download like bearshare and other shareware connection. > > or any idea how to block p2p using pfsense without snort, nag testing > naman ko og padagan pfsense with snort then select block p2p connection > lusot man guihapon ang download sa bearshare > > ----- Original Message ---- > From: hard wyrd <[EMAIL PROTECTED]> > To: Kagay-Anon Linux Users' Group (KLUG) Mailing List < > [email protected]> > Sent: Tuesday, January 22, 2008 11:09:43 AM > Subject: Re: [klug] [OT] SmartBro and UDP Port 5060 > > > On Jan 22, 2008 11:06 AM, Raymond Olavides <[EMAIL PROTECTED]> wrote: > > > > > Gi-utingkay sa support, set cya static i.p. etc., login cya sa web > > panel, configure niya ang modem/router, wala na-ayo. tabang2x ko gamay, > > (snack sila) gibalik nako ang backup sa gidaut nga file, utingkay cya balik, > > naayo na. hehe > > > > Mao ni akong nabantayan sa uban "support". After sa snack ma-ayo na > dayon :)). Busa, kung magpa-support mo, una sa snack pag-abot nila, ayha > sila ipa-trabaho :)) > > > -- > "A dog that has no bite, barks loudest." > Registered Linux User #400165 > http://baudizm.blogsome.com > Full-Disclosure,LARTC,Open-ITLUG, PRUG, KLUG, linuxusersgroup, > sybase.public.ase.linux > > > ------------------------------ > Never miss a thing. Make Yahoo your > homepage.<http://us.rd.yahoo.com/evt=51438/*http://www.yahoo.com/r/hs> > > _________________________________________________ > Kagay-Anon Linux Users' Group (KLUG) Mailing List > [email protected] (http://cdo.linux.org.ph) > Searchable Archives: http://archives.free.net.ph > -- "A dog that has no bite, barks loudest." Registered Linux User #400165 http://baudizm.blogsome.com Full-Disclosure,LARTC,Open-ITLUG, PRUG, KLUG, linuxusersgroup, sybase.public.ase.linux
_________________________________________________ Kagay-Anon Linux Users' Group (KLUG) Mailing List [email protected] (http://cdo.linux.org.ph) Searchable Archives: http://archives.free.net.ph
