I also use snmp and mrtg. I like seeing how much traffic is coming through during the night.
On 6/8/2010 8:52 AM, Eric Peters wrote:
> I agree, proactively monitoring your network makes for good practice,
> and also peace of mind. Security through obscurity, and passive
> reactionary monitoring is just asking for your network to be abused.
> Here are just some tools that I use on a daily basis which
> would easily detect p2p traffic and other abuses.
>
> Ntop = /ntop/ is a network traffic probe that shows the network
> usage, similar to what the popular top Unix command does, but prettier!
> Snort = /Snort/ is a free and open source network intrusion
> prevention system (NIPS) and network intrusion detection system (NIDS)
> Snorby = Great front end for Snort, I'm currently working on a howto
> for this under Ubuntu 10.4
> ET Rules = Emerging Threats is an open source community project with
> the fastest moving and most diverse Snort Signature set and firewall
> rules available
> Wireshark = /Wireshark/ is a network protocol analyzer
> nmap = Security Scanner For Network Exploration & computer scanning
>
> I'm curious as to what everyone else is using? Did I leave anything out?
> What are your thoughts on this subject?
>
> Cheers,
> Eric
>
> On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders <[email protected]> wrote:
> > I second Paul, that is the way to go, once one finds out they have
> > eyes on them, it "can" fix itself. We had a problem with an
> > individual serving up files and the big bad record industry sent a
> > letter. That gave us the right to cut the user off. Once turned back
> > on behavior changed. You will get some flak on the front end but
> > over time a majority of the community will get in line.
> >
> > Danny Michael Sanders
> > IT Support Analyst
> >
> > ----- "Paul Graydon" <[email protected]> wrote:
> > > That will help, but realistically you're going to have to block
> > > every "high port" to stop P2P through that method.
> > >
> > > The only way to effectively block P2P is to do packet sniffing
> > > and analysis.. and that's just one big hassle.
> > >
> > > My belief is this is usually the wrong way to tackle the problem,
> > > looking for a technical solution to a human resource problem.
> > > User education (and LARTing if necessary) is the key. Using
> > > software like Cacti to monitor and graph per-port traffic stats,
> > > identify the largest bandwidth users and then focus on them and find
> > > out just why they're using up so much bandwidth.
> > > It's remarkable just how soon the problem all goes away after you
> > > find just one or two individuals who are abusing the network
> > > infrastructure and explain to them what the disciplinary procedures
> > > are (or enact if it's appropriate and you have concrete evidence.)
> > > The message soon spreads!
> > >
> > > Paul
> > >
> > > On 06/04/2010 05:03 AM, Greyson Farias wrote:
> > > > Hello,
> > > >
> > > > You can use these iptables rules, because I don't like, don't
> > > > use and I don't wanna learn ufw. hehehehehe
> > > >
> > > > # Block P2P connections
> > > > iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
> > > > iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 1981 -j DROP
> > > > iptables -A FORWARD -p udp --dport 1981 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 2037 -j DROP
> > > > iptables -A FORWARD -p udp --dport 2037 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 3501 -j DROP
> > > > iptables -A FORWARD -p udp --dport 3501 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 3531 -j DROP
> > > > iptables -A FORWARD -p udp --dport 3531 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 3587 -j DROP
> > > > iptables -A FORWARD -p udp --dport 3587 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 3955 -j DROP
> > > > iptables -A FORWARD -p udp --dport 3955 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 4242 -j DROP
> > > > iptables -A FORWARD -p udp --dport 4242 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
> > > > iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 4688 -j DROP
> > > > iptables -A FORWARD -p udp --dport 4688 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 5121 -j DROP
> > > > iptables -A FORWARD -p udp --dport 5121 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 5662 -j DROP
> > > > iptables -A FORWARD -p udp --dport 5662 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
> > > > iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
> > > > iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 6699 -j DROP
> > > > iptables -A FORWARD -p udp --dport 6699 -j DROP
> > > > iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
> > > > iptables -A FORWARD -p tcp --dport 8473 -j DROP
> > > > iptables -A FORWARD -p udp --dport 8473 -j DROP
> > > >
> > > > 2010/6/4 Kaushal Shriyan <[email protected]>
> > > > > Hi,
> > > > >
> > > > > Is there a howto for blocking p2p traffic on ubuntu 10.04
> > > > > server?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Kaushal
> > > >
> > > > --
> > > > Greyson Farias
> > > > IT Technician - CREA/AC 9329TD
> > > > Ubuntu user
> > > > I prefer to receive documents in ODF.
> > > > http://ubuntu.com/download/getubuntu
> > > > Blog Ubuntu Acre: http://ubuntu-ac.org

--
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
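
The per-port monitoring approach discussed in this thread (SNMP polling as done by MRTG or Cacti, then focusing on the largest bandwidth users), sketched as an added example that is not code from any poster here. The port names, counter values, 300-second poll interval and 25% share threshold are constructed for illustration.

```python
# Added example: rank switch ports by traffic between two SNMP polls.
# Sample values are constructed; real ones would come from polling
# ifInOctets / ifOutOctets (IF-MIB) on each port.
COUNTER32_MAX = 2**32  # ifInOctets/ifOutOctets are 32-bit counters


def delta(prev, curr, modulus=COUNTER32_MAX):
    """Octets moved between polls, tolerating a single counter wrap.

    A Counter32 wraps in about 34 s at 1 Gbit/s, so on fast links poll the
    64-bit ifHCInOctets/ifHCOutOctets instead and pass modulus=2**64.
    """
    return curr - prev if curr >= prev else curr + modulus - prev


def top_talkers(before, after, interval_s, share_threshold=0.25):
    """Return (port, Mbit/s, share of total, flagged) sorted by volume."""
    totals = {}
    for port, (in0, out0) in before.items():
        if port not in after:  # port vanished between polls; skip it
            continue
        in1, out1 = after[port]
        totals[port] = delta(in0, in1) + delta(out0, out1)
    grand = sum(totals.values()) or 1  # avoid division by zero on idle nets
    report = []
    for port, octets in sorted(totals.items(), key=lambda kv: kv[1], reverse=True):
        mbps = octets * 8 / interval_s / 1e6
        share = octets / grand
        report.append((port, round(mbps, 2), round(share, 3), share >= share_threshold))
    return report


# Constructed polls taken 300 s apart: port -> (ifInOctets, ifOutOctets).
BEFORE = {"Gi0/1": (1_000_000, 2_000_000),
          "Gi0/2": (4_294_000_000, 500_000),   # about to wrap
          "Gi0/3": (10_000, 20_000)}
AFTER = {"Gi0/1": (31_000_000, 9_500_000),
         "Gi0/2": (2_999_032_704, 375_500_000),  # wrapped past 2**32
         "Gi0/3": (300_010_000, 37_520_000)}

if __name__ == "__main__":
    for port, mbps, share, flagged in top_talkers(BEFORE, AFTER, 300):
        note = "  <-- investigate" if flagged else ""
        print(f"{port:6} {mbps:8.2f} Mbit/s {share:6.1%}{note}")
```

Without the wrap handling, the busiest port in this sample would show a negative delta and drop to the bottom of the ranking.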
