Re: blocking gnutella
hr altq work well with carp yet? I remember hearing some painful stories a while back.

--Bryan

On 15 Sep 2004 09:23:29 -0700, Brent Bolin <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (Jason Dixon) wrote in message news:<[EMAIL PROTECTED]>...
> > On Sep 14, 2004, at 3:33 PM, Bryan Irvine wrote:
> > > I can't seem to get gnutella to break.
> > >
> > > gnutella = "{" 6346 6348 8436 "}"
> > > block out quick proto { udp tcp } from any to any port $gnutella
> > > block in quick proto { udp tcp } from any to any port $gnutella
> > >
> > > pftop still shows connection on 6346 though, ideas?
> >
> > I think this thread is still germane:
> > http://marc.theaimsgroup.com/?l=openbsd-pf&m=104592911709710&w=2
>
> Don't try to block it. It's a port hopper. Instead make it painful
> for the users that use it. Altq is your friend.
>
> They will go home and do their file sharing there.
>
> btb
Re: blocking gnutella
On Sep 15, 2004, at 12:23 PM, Brent Bolin wrote:

> [EMAIL PROTECTED] (Jason Dixon) wrote in message news:
> > I think this thread is still germane:
> > http://marc.theaimsgroup.com/?l=openbsd-pf&m=104592911709710&w=2
>
> Don't try to block it. It's a port hopper. Instead make it painful
> for the users that use it. Altq is your friend.

Isn't that what I just said (in the link)?

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
Re: blocking gnutella
[EMAIL PROTECTED] (Jason Dixon) wrote in message news:<[EMAIL PROTECTED]>...
> On Sep 14, 2004, at 3:33 PM, Bryan Irvine wrote:
> > I can't seem to get gnutella to break.
> >
> > gnutella = "{" 6346 6348 8436 "}"
> > block out quick proto { udp tcp } from any to any port $gnutella
> > block in quick proto { udp tcp } from any to any port $gnutella
> >
> > pftop still shows connection on 6346 though, ideas?
>
> I think this thread is still germane:
> http://marc.theaimsgroup.com/?l=openbsd-pf&m=104592911709710&w=2

Don't try to block it. It's a port hopper. Instead make it painful for the users that use it. Altq is your friend.

They will go home and do their file sharing there.

btb
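An added example of the ALTQ approach Brent recommends; this is not configuration from anyone in the thread. It assumes a NAT gateway with fxp0 on the uplink, fxp1 on the LAN, a 1.5Mb uplink and a hand-picked list of services that deserve the pipe; the interface names, addresses, bandwidth figures and port list are assumptions. The syntax is the pf/ALTQ of the OpenBSD 3.x releases this thread is contemporary with (cbq scheduler, explicit keep state). The idea is not to find the P2P ports at all: anything the LAN sends out that is not a whitelisted service, whatever port it has hopped to, lands in a queue capped at 5% of the uplink.

```pf
# Added example (not from the thread). Interface names, addresses,
# bandwidth figures and the "good" port list are assumptions.
ext_if  = "fxp0"
int_if  = "fxp1"
lan     = "192.168.1.0/24"
# Services that get the full uplink; everything else from the LAN,
# including a P2P client on whatever port it hops to, is starved.
std_tcp = "{ 22 25 53 80 110 143 443 993 995 }"

# ALTQ shapes egress only, so queue what leaves the uplink (LAN uploads,
# which is where a file-sharing client hurts). Child bandwidths must not
# exceed the parent's; "default" catches traffic with no queue assigned.
altq on $ext_if cbq bandwidth 1.5Mb queue { std, bulk }
queue std  bandwidth 90% priority 5 cbq(default borrow)
queue bulk bandwidth  5% priority 1 cbq

nat on $ext_if from $lan to any -> ($ext_if)

block log all

# LAN hosts may talk to the gateway and through it.
pass in on $int_if from $lan to any keep state

# Catch-all first: without "quick", the last matching rule wins, so the
# specific rules below pull the whitelisted services into the std queue.
pass out on $ext_if proto { tcp udp icmp } from ($ext_if) to any keep state queue bulk
pass out on $ext_if proto tcp from ($ext_if) to any port $std_tcp flags S/SA keep state queue std
pass out on $ext_if proto udp from ($ext_if) to any port 53 keep state queue std
```

Load with `pfctl -f /etc/pf.conf` and check the queues with `pfctl -s queue -v`. Two caveats: shaping downloads needs a second set of queues declared on $int_if (bandwidth is only controllable where the packet leaves), and states that already exist keep the rule and queue they were created with across a reload, so after changing rules run `pfctl -F state` (or `pfctl -k 192.168.1.23` for one host) to force live sessions through the new ruleset; that is also the question -j raises further down the thread about pftop still showing the 6346 sessions.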
Re: blocking gnutella
On Sep 14, 2004, at 3:33 PM, Bryan Irvine wrote:

> I can't seem to get gnutella to break.
>
> gnutella = "{" 6346 6348 8436 "}"
> block out quick proto { udp tcp } from any to any port $gnutella
> block in quick proto { udp tcp } from any to any port $gnutella
>
> pftop still shows connection on 6346 though, ideas?

I think this thread is still germane:
http://marc.theaimsgroup.com/?l=openbsd-pf&m=104592911709710&w=2

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
Re: blocking gnutella
Gnutella is a slippery protocol; being peer to peer, it's highly network configurable. It's not always a simple matter of blocking a particular port.

If you're handy with network programming (with perl or java or any network-useful language) you might want to consider blocking unwanted protocols by setting up a daemon or similar utility to sniff for protocol fingerprints and reject them at the application layer. All protocols announce what they are in the first few packets (at least I'm pretty sure they all do...)

Of course this method will become useless when p2p developers start using ssl and other secure transport methods, which they are bound to do soon.

Amir S Mesry writes:

> A little bit more info would help people on the list; maybe post your pf.conf with IPs xxx.xxx out and a simple diagram of your network setup. Looks like you're not blocking on the internal interface from what you're describing, possibly.
>
> Amir Mesry
> [EMAIL PROTECTED]
> Cadillac Jack, Inc.
> http://www.cadillacjack.com/
> Network & Systems Administrator
> 2420 Meadowbrook Parkway
> Duluth, GA 30096
> 770-865-0034
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bryan Irvine
> Sent: Tuesday, September 14, 2004 3:34 PM
> To: [EMAIL PROTECTED]
> Subject: blocking gnutella
>
> I can't seem to get gnutella to break.
>
> gnutella = "{" 6346 6348 8436 "}"
> block out quick proto { udp tcp } from any to any port $gnutella
> block in quick proto { udp tcp } from any to any port $gnutella
>
> pftop still shows connection on 6346 though, ideas?
>
> --Bryan
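The protocol-fingerprint approach suggested above, as an added example (mine, not the poster's code): a classifier for the first payload bytes of a TCP session that recognises the Gnutella 0.4 and 0.6 handshakes regardless of port. The 0.4 handshake is the fixed strings "GNUTELLA CONNECT/0.4\n\n" and "GNUTELLA OK\n\n"; 0.6 opens with "GNUTELLA CONNECT/0.6\r\n" from the initiator and "GNUTELLA/0.6 <status> <text>\r\n" from the acceptor, each followed by HTTP-style headers and a blank line. The example runs the classifier over constructed sample flows next to the verdict the original port-based rules would give, so the difference is visible: a handshake on port 80 is caught only by the fingerprint, and plain HTTP on 6346 is blocked only by the port rule. The flows, client strings and addresses are made up.

```python
"""Added example: port-independent fingerprinting of Gnutella handshakes.

Not from the thread. Signatures are the documented 0.4/0.6 handshake
openings; the sample flows below are constructed, not captured traffic.
"""
import re
from typing import Dict, List, Optional, Tuple

# Ports the original rules matched on, kept only to compare verdicts.
GNUTELLA_PORTS = {6346, 6348, 8436}

# Handshake signatures: 0.4 is a fixed string, 0.6 is an HTTP-like
# request/status line followed by "Name: value" headers and a blank line.
_CONNECT_04 = b"GNUTELLA CONNECT/0.4\n\n"
_OK_04 = b"GNUTELLA OK\n\n"
_CONNECT_06 = re.compile(rb"\AGNUTELLA CONNECT/0\.6\r\n")
_REPLY_06 = re.compile(rb"\AGNUTELLA/0\.6 (\d{3}) ")


def classify_gnutella(payload: bytes) -> Optional[str]:
    """Label the first bytes of a TCP payload if they open a Gnutella handshake, else None."""
    if payload.startswith(_CONNECT_04):
        return "gnutella/0.4 connect"
    if payload.startswith(_OK_04):
        return "gnutella/0.4 ok"
    if _CONNECT_06.match(payload):
        return "gnutella/0.6 connect"
    m = _REPLY_06.match(payload)
    if m:
        return f"gnutella/0.6 reply {m.group(1).decode()}"
    return None


def parse_handshake_headers(payload: bytes) -> Dict[str, str]:
    """Headers of a 0.6 handshake: lines after the first, up to the blank line, names lower-cased."""
    head = payload.partition(b"\r\n\r\n")[0]
    headers: Dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:
        name, colon, value = line.partition(b":")
        if colon:
            headers[name.strip().decode("ascii", "replace").lower()] = \
                value.strip().decode("ascii", "replace")
    return headers


def audit_flows(flows: List[Tuple[str, int, bytes]]) -> List[Tuple[str, bool, Optional[str]]]:
    """For each (flow id, destination port, first payload) give
    (flow id, would the port rule block it?, fingerprint label or None)."""
    return [(fid, port in GNUTELLA_PORTS, classify_gnutella(data)) for fid, port, data in flows]


# Constructed sample flows (hypothetical; not captured traffic).
SAMPLE_FLOWS: List[Tuple[str, int, bytes]] = [
    ("A", 6346, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: LimeWire/4.0\r\nX-Ultrapeer: False\r\n\r\n"),
    ("B", 80,   b"GNUTELLA CONNECT/0.6\r\nUser-Agent: BearShare 4.4\r\nListen-IP: 10.0.0.5:80\r\n\r\n"),
    ("C", 6346, b"GNUTELLA/0.6 200 OK\r\nUser-Agent: Gtk-Gnutella/0.94\r\n\r\n"),
    ("D", 6346, b"GET /index.html HTTP/1.0\r\nHost: www.example.org\r\n\r\n"),
    ("E", 443,  b"\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x01"),   # start of a TLS ClientHello
    ("F", 6347, b"GNUTELLA CONNECT/0.4\n\n"),
]

if __name__ == "__main__":
    for fid, by_port, by_fp in audit_flows(SAMPLE_FLOWS):
        print(f"flow {fid}: port rule blocks={by_port!s:5} fingerprint={by_fp}")
    print(parse_handshake_headers(SAMPLE_FLOWS[1][2]))
```

In practice the classifier would sit behind a packet capture or a transparent proxy and only see the first data segment of each session, which is enough here because both peers identify the protocol before anything else is sent. Flow E is the limit the poster mentions: once the handshake goes inside TLS, the first bytes look like any other HTTPS session and this approach sees nothing.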
Re: blocking gnutella
On Tue, 2004-09-14 at 15:33, Bryan Irvine wrote:
> I can't seem to get gnutella to break.
>
> gnutella = "{" 6346 6348 8436 "}"
> block out quick proto { udp tcp } from any to any port $gnutella
> block in quick proto { udp tcp } from any to any port $gnutella
>
> pftop still shows connection on 6346 though, ideas?
>
> --Bryan

pftop still shows new connections being established, or still shows old connections that were established before you implemented the new rules and you didn't flush the state table or kill the individual states?

-j

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
It has been said that Public Relations is the art of winning friends and getting people under the influence. -- Jeremy Tunstall
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
RE: blocking gnutella
A little bit more info would help people on the list; maybe post your pf.conf with IPs xxx.xxx out and a simple diagram of your network setup. Looks like you're not blocking on the internal interface from what you're describing, possibly.

Amir Mesry
[EMAIL PROTECTED]
Cadillac Jack, Inc.
http://www.cadillacjack.com/
Network & Systems Administrator
2420 Meadowbrook Parkway
Duluth, GA 30096
770-865-0034

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bryan Irvine
Sent: Tuesday, September 14, 2004 3:34 PM
To: [EMAIL PROTECTED]
Subject: blocking gnutella

I can't seem to get gnutella to break.

gnutella = "{" 6346 6348 8436 "}"
block out quick proto { udp tcp } from any to any port $gnutella
block in quick proto { udp tcp } from any to any port $gnutella

pftop still shows connection on 6346 though, ideas?

--Bryan
blocking gnutella
I can't seem to get gnutella to break.

gnutella = "{" 6346 6348 8436 "}"
block out quick proto { udp tcp } from any to any port $gnutella
block in quick proto { udp tcp } from any to any port $gnutella

pftop still shows connection on 6346 though, ideas?

--Bryan