Can you e-mail it to the list so that others can benefit also? :)

thanks.

Message from Michael Blancas...
> It's homegrown. We are just running a default snort compile with just the
> p2p rule enabled. The following are the only parameters I used for the
> snort.conf (aside from disabling all the rules).
>
> var HOME_NET [192.168.0.0/16]
> var EXTERNAL_NET !$HOME_NET
> include $RULE_PATH/p2p.rules
>
> Running snort with the following parameters:
>
> /usr/local/bin/snort -A fast -D -N -c /usr/local/snort/snort.conf
>
> And blocking the src or dest IP whichever you prefer listed on the
> /var/log/snort/alert file via a perl script. I also disabled the
> following line on the p2p ruleset due to a lot of false positives:
>
> #alert tcp $HOME_NET any -> $EXTERNAL_NET !80 (msg:"P2P GNUTella GET";
> flow:to_server,established; content:"GET "; offset:0; depth:4;
> classtype:policy-violation; sid:1432; rev:4;)
>
> I could email you the script if you like.
>
> On Tue, 2003-09-16 at 16:55, Jun Tanamal wrote:
>> Michael Blancas wrote:
>>
>> >I'm using snort with just the p2p rules and have a perl script that reads
>> >the snort alert log and blocks the destination or source (depending
>> >on your preference) using iptables. Works perfectly for us, and had a
>> >reduction of traffic by almost 50%.
>> >
>>
>> Voila! Is there a HOW-TO link on this?
>
>
> --
> Philippine Linux Users' Group (PLUG) Mailing List
> [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
> Official Website: http://plug.linux.org.ph
> Searchable Archives: http://marc.free.net.ph
> .
> To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
> .
> Are you a Linux newbie? To join the newbie list, go to
> http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie




-----------------------
University of Baguio
General Luna Road
Baguio City
Philippines 2600
Phone: +63(74)442-3540
Fax:   +63(74)442-3071
http://www.ubaguio.edu
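
The approach described in the quoted message (read snort's `-A fast` alert log, then block the offending address with iptables), as an added example that is not the perl script from the thread. It is written in Python; the function names, the `FORWARD` chain, the allow list, the choice to block only the non-HOME_NET side, and the sample alert lines are assumptions or constructed for illustration.

```python
import ipaddress
import re

HOME_NET = ipaddress.ip_network("192.168.0.0/16")  # value from the quoted snort.conf

# snort "-A fast" line: ... [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*"
    r"\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

# Constructed sample alert lines (not taken from a real log).
SAMPLE_ALERTS = [
    "09/16-16:55:01.104532  [**] [1:1000001:1] P2P constructed sample [**] "
    "[Classification: Potential Corporate Privacy Violation] [Priority: 1] "
    "{TCP} 192.168.4.20:3412 -> 203.0.113.7:6346",
    "09/16-16:55:02.220184  [**] [1:1000001:1] P2P constructed sample [**] "
    "[Priority: 1] {TCP} 198.51.100.23:6346 -> 192.168.9.5:2201",
    "09/16-16:55:03.000100  [**] [1:1000001:1] P2P constructed sample [**] "
    "[Priority: 1] {TCP} 192.168.4.20:3413 -> 203.0.113.7:6346",   # repeat peer
    "09/16-16:55:04.000100  [**] [1:1000002:1] SCAN constructed sample [**] "
    "[Priority: 2] {TCP} 203.0.113.99:40000 -> 192.168.1.1:22",    # not P2P
    "09/16-16:55:05.000100  [**] [1:1000001:1] P2P constructed sample [**] "
    "[Priority: 1] {UDP} 192.168.4.20:3414 -> 999.300.1.1:6346",   # bad address
]

def external_peers(lines, allow=(), msg_prefix="P2P"):
    """Return non-HOME_NET addresses seen in P2P alerts, in first-seen order."""
    skip = [HOME_NET] + [ipaddress.ip_network(n) for n in allow]
    peers = []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or not m.group("msg").startswith(msg_prefix):
            continue
        for field in ("src", "dst"):
            try:
                ip = ipaddress.ip_address(m.group(field))
            except ValueError:
                continue  # malformed address: never hand it to iptables
            if ip not in peers and not any(ip in net for net in skip):
                peers.append(ip)
    return peers

def iptables_rules(peers, chain="FORWARD"):
    """Build argv lists (no shell involved) that drop traffic from and to each peer."""
    return [["iptables", "-I", chain, flag, str(ip), "-j", "DROP"]
            for ip in peers for flag in ("-s", "-d")]

if __name__ == "__main__":
    for rule in iptables_rules(external_peers(SAMPLE_ALERTS)):
        print(" ".join(rule))  # print only; review before applying
```

The `allow` argument takes networks that must never be blocked (for example an upstream resolver), since an alert-driven block list acts on whatever addresses appear in the log.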

