From: "Adrian C." <drupix@gmail.com>
To: Adam Lang <aalang@rutgersinsurance.com>
Cc: linux-admin@vger.kernel.org
Subject: Re: how to protect against peer-to-peer?
Date: Mon, 22 Nov 2004 15:53:54 +0200
Message-ID: <60a7468904112205532cc2467@mail.gmail.com>
In-Reply-To: <001a01c4d098$b63639f0$530a0a0a@rutgersinsurance.com>

This is what I use. It disables torrents, emule, dc++. Kazaa... don't
know. But this can be used even over port 80 or much simpler over
http tunnel. Be advised that BitComet and Azureus clients use a
different range of ports. You have to look for them yourself. They are
not included here.

--Adrian.

#cutoff emule/torrent
iptables -A FORWARD -p tcp -m multiport --dports \
  6881,6882,6883,6884,6885,6886,6887,6888,6889,1214 -j REJECT
iptables -A FORWARD -p udp -m multiport --dports \
  6881,6882,6883,6884,6885,6886,6887,6888,6889,1214 -j REJECT
iptables -A FORWARD -p tcp -m multiport --dports 6346,6347 -j REJECT
iptables -A FORWARD -p udp -m multiport --dports 6346,6347 -j REJECT
iptables -A FORWARD -p tcp -m multiport --dports \
  4711,4665,4661,4672,4662,8080,9955 -j REJECT
iptables -A FORWARD -p udp -m multiport --dports \
  4711,4665,4661,4672,4662,8080,9955 -j REJECT
iptables -A FORWARD -p tcp --dport 4242:4299 -j REJECT
iptables -A FORWARD -p udp --dport 4242:4299 -j REJECT
iptables -A FORWARD -p tcp --dport 6881:6999 -j REJECT
iptables -A FORWARD -p udp --dport 6881:6999 -j REJECT



On Mon, 22 Nov 2004 08:39:38 -0500, Adam Lang
<aalang@rutgersinsurance.com> wrote:
> Two ways to go about it.
> 
> First, block ALL outgoing ports and open only those needed to work (port 80
> from the Squid machine, etc.)
> 
> Second, have management reprimand the people that have these programs
> installed on their computers.  If they continue them, management has to take
> action.  Also, they should put out a definitive policy on such use first and
> then give a "week amnesty period".
> 
> The only truly effective way to deal with such programs is through
> management.  Put will find out emule isn't so great when it costs them their
> jobs.
> 
> 
> ----- Original Message -----
> From: "Luca Ferrari" <fluca1978@infinito.it>
> To: <linux-admin@vger.kernel.org>
> Sent: Monday, November 22, 2004 5:27 AM
> Subject: how to protect against peer-to-peer?
> 
> > Hi,
> > in my network users are increasing the amount of peer-to-peer traffic
> > (e-mule, winmx), how can I deny the above traffic? I'm using iptables and
> > squid on my linux firewall, but I don't know if there's a specific port to
> > lock or something else I can use to recognize the "bad" packet in the
> > network traffic.
> >
> > Thanks,
> > Luca
> > --
> > Luca Ferrari,
> > fluca1978@infinito.it
> >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
>
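
Added example, not part of the original thread: the port block-list posted above compared with the "block all outgoing ports and open only those needed" approach from the quoted reply, for flows on port 80 and on a port outside the listed ranges. The interface name, the proxy, resolver and client addresses, and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Assumed values, not from the thread (documentation addresses, constructed):
LAN_IF="${LAN_IF:-eth1}"            # interface facing the internal LAN
PROXY_IP="${PROXY_IP:-192.0.2.10}"  # Squid host; if Squid runs on the firewall
                                    # itself its traffic uses OUTPUT, not FORWARD
DNS_IP="${DNS_IP:-192.0.2.53}"      # internal resolver

# Destination ports rejected by the rules posted above, merged into lo-hi ranges.
BLOCKED="1214-1214 4242-4299 4661-4662 4665-4665 4672-4672 4711-4711
         6346-6347 6881-6999 8080-8080 9955-9955"

blocklist_verdict() {   # $1 = destination port (tcp and udp are treated alike)
    for r in $BLOCKED; do
        if [ "$1" -ge "${r%-*}" ] && [ "$1" -le "${r#*-}" ]; then
            echo REJECT; return 0
        fi
    done
    echo ACCEPT         # no posted rule matches; assumes FORWARD policy ACCEPT
}

allowlist_verdict() {   # $1 = source IP, $2 = protocol, $3 = destination port
    case "$1/$2/$3" in
        "$PROXY_IP"/tcp/80|"$PROXY_IP"/tcp/443) echo ACCEPT ;;
        "$DNS_IP"/udp/53|"$DNS_IP"/tcp/53)      echo ACCEPT ;;
        *)                                      echo REJECT ;;
    esac
}

# The allow-list as iptables commands, for an otherwise empty FORWARD chain.
egress_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -s $PROXY_IP -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -s $DNS_IP -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -s $DNS_IP -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -m limit --limit 6/minute -j LOG --log-prefix "egress-denied: "
iptables -A FORWARD -i $LAN_IF -j REJECT
EOF
}

# Constructed flows from a LAN client (192.0.2.77): port, then both verdicts.
for port in 6881 4662 80 7000; do
    echo "client tcp/$port: block-list=$(blocklist_verdict "$port")" \
         "allow-list=$(allowlist_verdict 192.0.2.77 tcp "$port")"
done
egress_rules    # review the output, then apply as root with: egress_rules | sh
```

With the allow-list in place, clients reach the web only through the proxy, so Squid ACLs and the "egress-denied" log lines become the places to look for tunnelled traffic.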
