From: Jens Knoell
Subject: Re: how to protect against peer-to-peer?
Date: Mon, 22 Nov 2004 08:53:36 -0700
Message-ID: <41A20B80.9040209@surefoot.com>
References: <200411221127.53218.fluca1978@infinito.it>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To: <200411221127.53218.fluca1978@infinito.it>
Sender: linux-admin-owner@vger.kernel.org
List-Id:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: Luca Ferrari
Cc: linux-admin@vger.kernel.org

Luca Ferrari wrote:

>Hi,
>in my network users are increasing the amount of peer-to-peer traffic (e-mule,
>winmx), how can I deny the above traffic? I'm using iptables and squid on my
>linux firewall, but I don't know if there's a specific port to lock or
>something else I can use to recognize the "bad" packet in the network
>traffic.
>
>Thanks,
>Luca
>
>

The only sure way to block them is to totally deny inbound connections (unless needed for some purpose or another) and restrict outbound connections to, say, port 80, 443 (web), depending on your network config maybe 25 (smtp), 110 (pop3), and 53 (DNS).

Personally, I just force everyone through a very restrictive filtering proxy and don't allow direct connections at all. Since you do have squid on there you can do the same.

The other way, as already mentioned, is a policy change. Here, I gave everyone a week to clean up their act, and worked with people to make sure their computers are clean. After that... everyone caught inappropriately using their machine got fired the same day. Works like a charm.

J
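An added example, not part of the thread above: a POSIX shell script that prints the iptables rules for the two approaches in the reply, either direct connections restricted to the listed ports (MODE=ports) or no direct connections at all with Squid on the firewall as the only way out (MODE=proxy). The interface names, LAN subnet and Squid port are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed: LAN on eth1, WAN on
# eth0, LAN subnet 192.168.1.0/24, Squid listening on TCP 3128. The rules
# are printed for review, not applied; run the output as root to apply.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PROXY_PORT="${PROXY_PORT:-3128}"
TCP_OUT="80 443 25 110 53"   # the outbound ports named in the reply
UDP_OUT="53"                 # DNS needs UDP as well as TCP
gen_rules() {
    mode="${1:-ports}"
    # Default deny in both directions, then open only the few paths needed.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    case "$mode" in
    ports)
        # Direct connections allowed, but only to approved destination ports.
        for p in $TCP_OUT; do
            echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        done
        for p in $UDP_OUT; do
            echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p udp --dport $p -j ACCEPT"
        done
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
        ;;
    proxy)
        # No forwarding at all: the only way out is through Squid on this box.
        echo "iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -m conntrack --ctstate NEW -j ACCEPT"
        ;;
    *)
        echo "unknown mode: $mode" >&2
        return 1
        ;;
    esac
    # Rate-limited log of what the default policy drops, so blocked P2P
    # attempts show up in the firewall log instead of vanishing silently.
    echo "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'FWD-DROP: '"
}
# Number of ACCEPT rules in a ruleset; a quick sanity check before applying.
count_allow_rules() {
    gen_rules "$1" | grep -c -- '-j ACCEPT'
}
gen_rules "${MODE:-ports}"
```

In ports mode a client can still reach a peer that listens on 80 or 443, which is why the reply prefers the proxy-only setup where Squid decides what passes.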