From: Jens Knoell <jens@surefoot.com>
To: Luca Ferrari <fluca1978@infinito.it>
Cc: linux-admin@vger.kernel.org
Subject: Re: how to protect against peer-to-peer?
Date: Mon, 22 Nov 2004 08:53:36 -0700
Message-ID: <41A20B80.9040209@surefoot.com>
In-Reply-To: <200411221127.53218.fluca1978@infinito.it>
Luca Ferrari wrote:
>Hi,
>in my network users are increasing the amount of peer-to-peer traffic (e-mule,
>winmx), how can I deny the above traffic? I'm using iptables and squid on my
>linux firewall, but I don't know if there's a specific port to lock or
>something else I can use to recognize the "bad" packet in the network
>traffic.
>
>Thanks,
>Luca
>
>
The only sure way to block them is to totally deny inbound connections
(unless needed for some purpose or another) and restrict outbound
connections to, say, port 80, 443 (web), depending on your network
config maybe 25 (smtp), 110 (pop3), and 53 (DNS).
Personally, I just force everyone through a very restrictive filtering
proxy and don't allow direct connections at all. Since you do have squid
on there you can do the same.
The other way, as already mentioned, is a policy change. Here, I gave
everyone a week to clean up their act, and worked with people to make
sure their computers are clean. After that... everyone caught
inappropriately using their machine got fired the same day. Works like a
charm.
J
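
The outbound allowlist described in the message above, sketched as an added example that is not part of the original e-mail or thread: a shell function that prints (does not apply) iptables commands for a default-deny FORWARD chain, plus a rate-limited LOG rule so denied attempts from the LAN show up in the kernel log. The interface names `eth1` (LAN) and `eth0` (WAN) are assumptions, and only forwarded traffic is covered; the firewall's own INPUT and OUTPUT chains are left alone.

```shell
#!/bin/sh
# Added example: print iptables commands for a default-deny FORWARD chain
# with an egress allowlist. Interface names are hypothetical placeholders.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: egress_rules LAN_IF WAN_IF "tcp ports" "udp ports"
egress_rules() {
    lan=$1 wan=$2 tcp=$3 udp=$4
    # Validate every port first, so a typo never yields a partial ruleset.
    for p in $tcp $udp; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    # Policy DROP: connections opened from outside match no ACCEPT rule below.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies to connections the LAN opened are let back in.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $tcp; do
        echo "iptables -A FORWARD -i $lan -o $wan -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $udp; do
        echo "iptables -A FORWARD -i $lan -o $wan -p udp --dport $p -j ACCEPT"
    done
    # Whatever a LAN host tried beyond the allowlist is logged, then dropped by policy.
    echo "iptables -A FORWARD -i $lan -m limit --limit 6/min -j LOG --log-prefix 'egress-denied: '"
}

# Ports named in the message: web, SMTP, POP3, DNS (DNS also over UDP).
egress_rules eth1 eth0 "80 443 25 110 53" "53"
```

Review the printed commands before running them as root; the `egress-denied:` log lines then identify which internal hosts are attempting connections outside the allowlist.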