Linux Netfilter discussions
* how to block p2p
@ 2004-03-11  8:37 Tomasz Macioszek
  2004-03-11  9:01 ` Ray Leach
                   ` (2 more replies)
  0 siblings, 3 replies; 16+ messages in thread
From: Tomasz Macioszek @ 2004-03-11  8:37 UTC (permalink / raw)
  To: Netfilter

Hello!!
I would like to block all known p2p programs (Kazaa, eDonkey, ...). I would
like to find a patch for iptables (p-o-m) which blocks all these programs.

Thanks for your help
Tomek



^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: how to block p2p
  2004-03-11  9:01 ` Ray Leach
@ 2004-03-11  8:59   ` Antony Stone
  2004-03-11  9:21     ` Eric Leblond
       [not found]     ` <003301c40749$b68e4280$2a245cc2@cea05>
  2004-03-11  9:10   ` Antony Stone
  1 sibling, 2 replies; 16+ messages in thread
From: Antony Stone @ 2004-03-11  8:59 UTC (permalink / raw)
  To: Netfilter Mailing List

On Thursday 11 March 2004 9:01 am, Ray Leach wrote:

> On Thu, 2004-03-11 at 10:37, Tomasz Macioszek wrote:
> > Hello!!
> > I would like to block all known p2p programs (Kazaa, eDonkey, ...). I
> > would like to find a patch for iptables (p-o-m) which blocks all these
> > programs.
>
> iptables -P FORWARD DROP

Great answer :)

Antony.

-- 
The difference between theory and practice is that in theory there is no 
difference, whereas in practice there is.

                                                     Please reply to the list;
                                                           please don't CC me.




* Re: how to block p2p
  2004-03-11  8:37 how to block p2p Tomasz Macioszek
@ 2004-03-11  9:01 ` Ray Leach
  2004-03-11  8:59   ` Antony Stone
  2004-03-11  9:10   ` Antony Stone
  2004-03-11 13:27 ` Krystian
  2004-04-05 15:09 ` Michael Gale
  2 siblings, 2 replies; 16+ messages in thread
From: Ray Leach @ 2004-03-11  9:01 UTC (permalink / raw)
  To: Netfilter Mailing List



On Thu, 2004-03-11 at 10:37, Tomasz Macioszek wrote:

> Hello!!
> I would like to block all known p2p programs (Kazaa, eDonkey, ...). I would
> like to find a patch for iptables (p-o-m) which blocks all these programs.
> 

iptables -P FORWARD DROP


> Thanks for your help
> Tomek

-- 
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--



* Re: how to block p2p
  2004-03-11  9:01 ` Ray Leach
  2004-03-11  8:59   ` Antony Stone
@ 2004-03-11  9:10   ` Antony Stone
  2004-03-11  9:38     ` Alexander Samad
  1 sibling, 1 reply; 16+ messages in thread
From: Antony Stone @ 2004-03-11  9:10 UTC (permalink / raw)
  To: Netfilter Mailing List

On Thursday 11 March 2004 9:01 am, Ray Leach wrote:

> On Thu, 2004-03-11 at 10:37, Tomasz Macioszek wrote:
> > Hello!!
> > I would like to block all known p2p programs (Kazaa, eDonkey, ...). I
> > would like to find a patch for iptables (p-o-m) which blocks all these
> > programs.
>
> iptables -P FORWARD DROP

I would perhaps add:
iptables -F FORWARD
just to make sure they don't sneak through on any existing rules :)

Antony.

-- 
The truth is rarely pure, and never simple.

 - Oscar Wilde

                                                     Please reply to the list;
                                                           please don't CC me.




* Re: how to block p2p
  2004-03-11  8:59   ` Antony Stone
@ 2004-03-11  9:21     ` Eric Leblond
       [not found]     ` <003301c40749$b68e4280$2a245cc2@cea05>
  1 sibling, 0 replies; 16+ messages in thread
From: Eric Leblond @ 2004-03-11  9:21 UTC (permalink / raw)
  To: Antony Stone; +Cc: Netfilter Mailing List


On Thu 11/03/2004 at 09:59, Antony Stone wrote:
you forgot:
iptables -F FORWARD
> > iptables -P FORWARD DROP

Seriously, I've never tested:
http://sourceforge.net/projects/iptables-p2p
but it should be helpful.

BR,
-- 
Eric Leblond
NuFW, Now User Filtering Works (http://www.nufw.org)



* Re: how to block p2p
       [not found]     ` <003301c40749$b68e4280$2a245cc2@cea05>
@ 2004-03-11  9:26       ` Antony Stone
  2004-03-11  9:39         ` Alexander Samad
  0 siblings, 1 reply; 16+ messages in thread
From: Antony Stone @ 2004-03-11  9:26 UTC (permalink / raw)
  To: Netfilter Mailing List

On Thursday 11 March 2004 9:17 am, Tomasz Macioszek wrote:

> > > iptables -P FORWARD DROP
> > iptables -F FORWARD

> I know, but I would like to block only p2p traffic.
> Is there a patch which blocks only p2p?

I do not know of a way to block p2p without blocking other protocols.

However, that does not mean there isn't one, just that I don't know about it.

Regards,

Antony.

-- 
There's no such thing as bad weather - only the wrong clothes.

 - Billy Connolly

                                                     Please reply to the list;
                                                           please don't CC me.




* Re: how to block p2p
  2004-03-11  9:10   ` Antony Stone
@ 2004-03-11  9:38     ` Alexander Samad
  0 siblings, 0 replies; 16+ messages in thread
From: Alexander Samad @ 2004-03-11  9:38 UTC (permalink / raw)
  To: Netfilter Mailing List


On Thu, Mar 11, 2004 at 09:10:19AM +0000, Antony Stone wrote:
> On Thursday 11 March 2004 9:01 am, Ray Leach wrote:
> 
> > On Thu, 2004-03-11 at 10:37, Tomasz Macioszek wrote:
> > > Hello!!
> > > I would like to block all known p2p programs (Kazaa, eDonkey, ...). I
> > > would like to find a patch for iptables (p-o-m) which blocks all these
> > > programs.
> >
> > iptables -P FORWARD DROP
> 
> I would perhaps add:
> iptables -F FORWARD
> just to make sure they don't sneak through on any existing rules :)

sysctl -w net.ipv4.ip_forward=0

> 
> Antony.
> 
> -- 
> The truth is rarely pure, and never simple.
> 
>  - Oscar Wilde
> 
>                                                      Please reply to the list;
>                                                            please don't CC me.
> 
> 
> 


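Added example, not taken from any post in this thread: a small audit helper for the three commands offered so far (Ray Leach's "iptables -P FORWARD DROP", Antony Stone's "iptables -F FORWARD" and Alexander Samad's "sysctl -w net.ipv4.ip_forward=0"). It parses the listing format of "iptables -S FORWARD" plus the ip_forward value, so you can confirm the box really has stopped forwarding, rather than trusting that the commands ran. The two sample listings inside are constructed for the example, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the FORWARD chain is
# really closed and that kernel routing is off. Works on captured
# "iptables -S FORWARD" output as well as on a live box.

# audit_forward_chain: reads "iptables -S FORWARD" output on stdin.
# Returns 0 when the default policy is DROP and no rule in the chain jumps
# to ACCEPT; otherwise prints what is wrong and returns 1.
audit_forward_chain() {
    policy=""
    accepts=0
    while IFS= read -r line; do
        case "$line" in
            "-P FORWARD "*) policy=${line#"-P FORWARD "} ;;
            "-A FORWARD "*)
                case "$line" in
                    *" -j ACCEPT"*) accepts=$((accepts + 1)) ;;
                esac ;;
        esac
    done
    rc=0
    if [ "$policy" != "DROP" ]; then
        echo "FORWARD policy is '${policy:-unknown}', expected DROP"
        rc=1
    fi
    if [ "$accepts" -gt 0 ]; then
        echo "FORWARD still has $accepts ACCEPT rule(s); flush or review them"
        rc=1
    fi
    return $rc
}

# audit_ip_forward VALUE: VALUE is what "sysctl -n net.ipv4.ip_forward"
# prints. Returns 0 only when routing between interfaces is switched off.
audit_ip_forward() {
    [ "$1" = "0" ]
}

# Constructed sample listings (not from a real host). The first one is what
# "-P FORWARD DROP" without "-F FORWARD" can leave behind: the policy is
# DROP, but earlier ACCEPT rules still let traffic through.
LEAKY_FORWARD='-P FORWARD DROP
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'

CLOSED_FORWARD='-P FORWARD DROP'

# Live use (as root):
#   iptables -S FORWARD | audit_forward_chain
#   audit_ip_forward "$(sysctl -n net.ipv4.ip_forward)"
```

The LEAKY_FORWARD sample is the case Antony's follow-up is about: a DROP policy alone does nothing for packets that an older ACCEPT rule already matches, which is why the flush is part of the recipe.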

* Re: how to block p2p
  2004-03-11  9:26       ` Antony Stone
@ 2004-03-11  9:39         ` Alexander Samad
  2004-03-11 10:17           ` Kristian Hald
  0 siblings, 1 reply; 16+ messages in thread
From: Alexander Samad @ 2004-03-11  9:39 UTC (permalink / raw)
  To: Antony Stone; +Cc: Netfilter Mailing List


On Thu, Mar 11, 2004 at 09:26:26AM +0000, Antony Stone wrote:
> On Thursday 11 March 2004 9:17 am, Tomasz Macioszek wrote:
> 
> > > > iptables -P FORWARD DROP
> > > iptables -F FORWARD
> 
> > I know but I would like to block only p2p traffic??
> > Is patch which blocks only p2p??
> 
> I do not know of a way to block p2p without blocking other protocols.

From memory, MSN can use HTTP; I block it in squid as well as netfilter.

> 
> However, does not mean there isn't one, just that I don't know about it.
> 
> Regards,
> 
> Antony.
> 
> -- 
> There's no such thing as bad weather - only the wrong clothes.
> 
>  - Billy Connolly
> 
>                                                      Please reply to the list;
>                                                            please don't CC me.
> 
> 
> 



* Re: how to block p2p
  2004-03-11  9:39         ` Alexander Samad
@ 2004-03-11 10:17           ` Kristian Hald
  0 siblings, 0 replies; 16+ messages in thread
From: Kristian Hald @ 2004-03-11 10:17 UTC (permalink / raw)
  To: netfilter

I use FTwall (P2Pwall) to block Kazaa. Works quite well.
http://www.lowth.com/p2pwall/ftwall/
Furthermore, in our dormitories' firewall I added blocking of the standard
ports for P2P programs. eDonkey = 4662 and so on.
The traffic went from top to zero nearly instantly.

It was then added to the dormitory rules that use of programs like
Kazaa, eDonkey and other filesharing programs was against normal use.
Snort has been installed to check whether a person is using a P2P
program or not, and they are then warned before being disconnected from the
Internet for life.

There are still people who download; however, they do not generate very much
traffic, since most people on the Internet use the standard ports, which
are blocked.

regards
Kristian Hald




* Re: how to block p2p
@ 2004-03-11 11:27 Babar Kazmi
  2004-03-11 11:45 ` Antony Stone
  0 siblings, 1 reply; 16+ messages in thread
From: Babar Kazmi @ 2004-03-11 11:27 UTC (permalink / raw)
  To: netfilter

Dear

You can use squid or netfilter to block the same.
I think squid is more manageable and doesn't affect other stuff.

Regards

Babar Kazmi

>On Thu, Mar 11, 2004 at 09:26:26AM +0000, Antony Stone wrote:
> > On Thursday 11 March 2004 9:17 am, Tomasz Macioszek wrote:
> >
> > > > > iptables -P FORWARD DROP
> > > > iptables -F FORWARD
> >
> > > I know but I would like to block only p2p traffic??
> > > Is patch which blocks only p2p??
> >
> > I do not know of a way to block p2p without blocking other protocols.

> >
> > However, does not mean there isn't one, just that I don't know about it.
> >
> > Regards,
> >
> > Antony.
> >
> > -- 
> > There's no such thing as bad weather - only the wrong clothes.
> >
> >  - Billy Connolly
> >
> >                                                      Please reply to the list;
> >                                                            please don't CC me.
> >
> >
> >
><< signature.asc >>





* Re: how to block p2p
  2004-03-11 11:27 Babar Kazmi
@ 2004-03-11 11:45 ` Antony Stone
  0 siblings, 0 replies; 16+ messages in thread
From: Antony Stone @ 2004-03-11 11:45 UTC (permalink / raw)
  To: netfilter

On Thursday 11 March 2004 11:27 am, Babar Kazmi wrote:

> Dear
>
> You can use squid or netfilter to block the same.
> I think squid is more manageable and don't effect other stuff.

But is port 80 (http) filtering sufficient to block p2p?

I thought (I have little experience of trying to do this) that p2p networks 
were sufficiently clever (read: adaptive) that if you blocked them 
communicating by one means, then they would find an alternative (port 22, 25, 
110, 443, 3128, 8080....etc)?

Regards,

Antony.

> >On Thu, Mar 11, 2004 at 09:26:26AM +0000, Antony Stone wrote:
> > > On Thursday 11 March 2004 9:17 am, Tomasz Macioszek wrote:
> > > > > > iptables -P FORWARD DROP
> > > > >
> > > > > iptables -F FORWARD
> > > >
> > > > I know but I would like to block only p2p traffic??
> > > > Is patch which blocks only p2p??
> > >
> > > I do not know of a way to block p2p without blocking other protocols.
> > >
> > >
> > > However, does not mean there isn't one, just that I don't know about
> > > it.
> > >
> > > Regards,
> > >
> > > Antony.
> > >
> > > --
> > > There's no such thing as bad weather - only the wrong clothes.
> > >
> > >  - Billy Connolly
> > >
> > >                                                      Please reply to the list;
> > >                                                            please don't CC me.
> >
> ><< signature.asc >>

-- 
There are only 10 types of people in the world:
those who understand binary notation,
and those who don't.

                                                     Please reply to the list;
                                                           please don't CC me.




* Re: how to block p2p
  2004-03-11  8:37 how to block p2p Tomasz Macioszek
  2004-03-11  9:01 ` Ray Leach
@ 2004-03-11 13:27 ` Krystian
  2004-03-11 14:47   ` Kristian Hald
  2004-03-11 18:00   ` Bob Keyes
  2004-04-05 15:09 ` Michael Gale
  2 siblings, 2 replies; 16+ messages in thread
From: Krystian @ 2004-03-11 13:27 UTC (permalink / raw)
  To: Tomasz Macioszek; +Cc: Netfilter

Tomasz Macioszek wrote:

>Hello!!
>I would like to block all known p2p programs (Kazaa, eDonkey, ...). I would
>like to find a patch for iptables (p-o-m) which blocks all these programs.
>
>Thanks for your help
>Tomek
>  
>
Maybe I'll write some tutorial :D

Protecting from P2P is difficult; it all depends on your users' skillz :)
A couple of things I do:
- Don't block normal P2P ports. It won't solve much because the user or
the program (Kazaa automatically) changes ports to avoid such a block.
Besides, if you don't block the port you can easily spot P2P connections
in a program like IPTRAF (which helps diagnosing).
- Do QoS on your router, forcing every packet from HTTP etc. to have
priority over non-standard ports.
- To filter connections on normal ports (HTTPS) use layer-7 filters like
squid (for HTTP, FTP and HTTPS); for other programs (SMTP, POP3, NEWS...)
use layer-7 filters.
- This should help you squash around 95% of downloaders. The other 5%
you are going to slay using IPTRAF + normal user punishing :D

One more thing which is good: P2P programs like to use a lot of
connections. Limit the number of connections per user to, let's say, 20-30 (I'm
guessing here :). This is the easiest to do with a proper iptables
filter :)

P.S.
Sorry for my English

Krystian Antoni Szybis
also a Pole :D



* Re: how to block p2p
  2004-03-11 13:27 ` Krystian
@ 2004-03-11 14:47   ` Kristian Hald
  2004-03-11 18:00   ` Bob Keyes
  1 sibling, 0 replies; 16+ messages in thread
From: Kristian Hald @ 2004-03-11 14:47 UTC (permalink / raw)
  To: netfilter

Hello,

> - Don't block normal P2P ports. It won't solve much because the user or
> the program (Kazaa automatically) changes ports to avoid such a block.
> Besides, if you don't block the port you can easily spot P2P connections
> in a program like IPTRAF (which helps diagnosing).
> - Do QoS on your router, forcing every packet from HTTP etc. to have
> priority over non-standard ports.
> - To filter connections on normal ports (HTTPS) use layer-7 filters
> like squid (for HTTP, FTP and HTTPS); for other programs
> (SMTP, POP3, NEWS...) use layer-7 filters.
> - This should help you squash around 95% of downloaders. The other 5%
> you are going to slay using IPTRAF + normal user punishing :D
>
> One more thing which is good: P2P programs like to use a lot of
> connections. Limit the number of connections per user to, let's say, 20-30
> (I'm guessing here :). This is the easiest to do with a proper
> iptables filter :)


I'm more for blocking P2P standard ports, but remember to log
information on those ports, since eDonkey and others try to connect to
other users who use standard ports. These are then registered and
blocked, so you are both able to log and make sure that they can't use any
bandwidth.
Specifically with Kazaa I'm using the FTwall (P2PWall) from sourceforge.
It blocks Kazaa quite well.
The user can of course change the port, but I would recommend blocking
connections going to standard P2P ports (blocking both src and dest
ports). That way a lot of connections are denied, thereby not using
bandwidth.

QoS is a good idea if there are services you know you'll need, like 
mail, SSH, HTTP and so on. (Going to do that in the next firewall update)

Best regards
Kristian Hald



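Added example, not code from either reply: a generator for the two ideas discussed above, Kristian Hald's log-then-drop of the standard P2P ports on both the source and the destination side, and Krystian's cap on the number of connections a single user may hold. It prints iptables commands rather than running them, so the ruleset can be reviewed before it is applied. Only port 4662 comes from the thread; the other ports in the list, the inside interface name and the cap of 30 are assumptions to adjust for your own network.

```shell
#!/bin/sh
# Added example, not from the thread. Generates (does not apply) FORWARD-side
# rules: rate-limited LOG + DROP for the well-known P2P ports in both
# directions, and a per-host connection cap. Review the output, then run it
# on the firewall as root.

# Assumptions: only 4662 (eDonkey) is named in the thread; the remaining
# ports, the inside interface and the per-host cap are placeholders.
P2P_PORTS="4662 4661 4672 1214 6881"
LAN_IF="eth1"
CONN_CAP=30

# p2p_port_rules: for every port, protocol and direction emit a rate-limited
# LOG rule followed by a DROP rule. Matching --sport as well as --dport
# catches inside clients talking to peers that run on the standard port.
p2p_port_rules() {
    for port in $P2P_PORTS; do
        for proto in tcp udp; do
            for dir in sport dport; do
                printf 'iptables -A P2P_BLOCK -p %s --%s %s -m limit --limit 5/min -j LOG --log-prefix "p2p-%s-%s: "\n' \
                    "$proto" "$dir" "$port" "$proto" "$dir"
                printf 'iptables -A P2P_BLOCK -p %s --%s %s -j DROP\n' \
                    "$proto" "$dir" "$port"
            done
        done
    done
}

# connlimit_rules: reset new TCP connections from an inside host once it
# already holds CONN_CAP of them (mask 32 = count per single address).
# connlimit was a patch-o-matic module in 2004; it is in mainline today.
connlimit_rules() {
    printf 'iptables -A P2P_BLOCK -i %s -p tcp --syn -m connlimit --connlimit-above %s --connlimit-mask 32 -j REJECT --reject-with tcp-reset\n' \
        "$LAN_IF" "$CONN_CAP"
}

# build_ruleset: everything lives in one user chain that is created or
# flushed first, so re-running the script never duplicates rules.
build_ruleset() {
    echo 'iptables -N P2P_BLOCK 2>/dev/null || iptables -F P2P_BLOCK'
    p2p_port_rules
    connlimit_rules
    echo 'iptables -D FORWARD -j P2P_BLOCK 2>/dev/null; iptables -I FORWARD 1 -j P2P_BLOCK'
}

# count_rules GENERATOR: number of iptables commands a generator emits,
# a quick sanity check before applying the output.
count_rules() {
    "$1" | grep -c '^iptables '
}

# Usage (as root):   build_ruleset > p2p-block.sh && sh p2p-block.sh
```

The LOG rules are rate-limited on purpose: the point of logging, as Kristian says, is to find the peers and hosts involved, and a single busy client must not be able to flood the log.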

* Re: how to block p2p
  2004-03-11 13:27 ` Krystian
  2004-03-11 14:47   ` Kristian Hald
@ 2004-03-11 18:00   ` Bob Keyes
  2004-04-05 15:05     ` Michael Gale
  1 sibling, 1 reply; 16+ messages in thread
From: Bob Keyes @ 2004-03-11 18:00 UTC (permalink / raw)
  Cc: Netfilter

It's amazing how many people seem so anxious to block p2p. They have this
idea that nothing but mp3s of Madonna and Metallica are on it. Far from
the case.

Wouldn't it be better to just make sure that traffic is prioritized and
handled accordingly? For instance, DNS traffic highest, followed by SSH
traffic, etc., lowest being the bulk file transfers of p2p, FTP, and large
HTTP transfers.

I know of several ways to detect p2p transfers, but I am not going to tell
you, because I don't want to find some overzealous ISP administrator
blocking my Debian updates.

oh, by the way, http://xa.net/p2ping




* Re: how to block p2p
  2004-03-11 18:00   ` Bob Keyes
@ 2004-04-05 15:05     ` Michael Gale
  0 siblings, 0 replies; 16+ messages in thread
From: Michael Gale @ 2004-04-05 15:05 UTC (permalink / raw)
  To: netfilter

Hello,

Are you sure it has nothing to do with work vs. play while you are at work? I
have worked for companies where MSN Messenger was widely used and it was
disrupting work.

Projects were not getting done; some people actually asked managers to "hold on
a sec" so they could finish their messages.

What about the cost of bandwidth? If your company has to pay X number of
dollars a month because your employees are downloading music from Kazaa -- which
may be illegal depending on where you work and against company policy.

Plus there are ways of allowing needed work related p2p connections after
blocking the rest.

Michael.




On Thu, 11 Mar 2004 13:00:45 -0500 (EST)
Bob Keyes <bob@sinister.com> wrote:

> It's amazing how many people seem so anxious to block p2p. They have this
> idea that nothing but mp3s of Madonna and Metallica are on it. Far from
> the case.
> 
> Wouldn't it be better to just make sure that traffic is prioritized and
> handled accordingly? For instance, DNS traffic highest, followed by SSH
> traffic, etc., lowest being the bulk file transfers of p2p, FTP, and large
> HTTP transfers.
> 
> I know of several ways to detect p2p transfers, but I am not going to tell
> you, because I don't want to find some overzealous ISP administrator
> blocking my Debian updates.
> 
> oh, by the way, http://xa.net/p2ping
> 


-- 
Michael Gale
Network Administrator
Utilitran Corporation



* Re: how to block p2p
  2004-03-11  8:37 how to block p2p Tomasz Macioszek
  2004-03-11  9:01 ` Ray Leach
  2004-03-11 13:27 ` Krystian
@ 2004-04-05 15:09 ` Michael Gale
  2 siblings, 0 replies; 16+ messages in thread
From: Michael Gale @ 2004-04-05 15:09 UTC (permalink / raw)
  To: netfilter

Hello,

From my experience, and depending on how anal you would like to get: I set up a
firewall with iptables blocking all connections / traffic types and then
allowed:

port 22 out
port 21 out
connections made by the squid UID

I then used squid to block almost all traffic except for HTTP. No MSN, AOL, ICQ,
... over HTTP. No streaming audio, video (except for Microsoft training).

It cut our bandwidth usage in half, which saved the company over $400 a month.

Michael.



On Thu, 11 Mar 2004 09:37:42 +0100
"Tomasz Macioszek" <tomekm@cea.pl> wrote:

> Hello!!
> I would like to block all known p2p programs (Kazaa, eDonkey, ...). I would
> like to find a patch for iptables (p-o-m) which blocks all these programs.
> 
> Thanks for your help
> Tomek


-- 
Michael Gale
Network Administrator
Utilitran Corporation


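Added example, not Michael Gale's actual configuration: an egress policy for the proxy host in the shape his post describes (default drop, ports 21 and 22 allowed out directly, everything else only when the process opening the connection runs as the squid user). It is an OUTPUT-chain policy because the owner match only sees locally generated packets; that is the property that forces web traffic through squid, where it can be filtered. The squid account name, the outside interface and the DNS rule are assumptions not found in the post.

```shell
#!/bin/sh
# Added example, not the poster's ruleset. Prints an OUTPUT-chain policy for
# the proxy host: default DROP, replies to accepted connections pass,
# TCP 21 and 22 may be opened directly, anything else only by the squid UID.

SQUID_USER="proxy"     # assumed account name; check with: ps -o user= -C squid
DIRECT_PORTS="21 22"   # the two ports the post allows out directly
WAN_IF="eth0"          # assumed outside interface

# egress_rules: print the rules in order; pipe to sh on the host to apply.
egress_rules() {
    echo 'iptables -P OUTPUT DROP'
    echo 'iptables -F OUTPUT'
    echo 'iptables -A OUTPUT -o lo -j ACCEPT'
    echo 'iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in $DIRECT_PORTS; do
        printf 'iptables -A OUTPUT -o %s -p tcp --dport %s -m state --state NEW -j ACCEPT\n' \
            "$WAN_IF" "$port"
    done
    # Only the proxy account may open anything else (HTTP, HTTPS, ...).
    # -m owner matches the UID of the local process, so this cannot be used
    # in FORWARD; it is a host policy for the box running squid.
    printf 'iptables -A OUTPUT -o %s -p tcp -m owner --uid-owner %s -m state --state NEW -j ACCEPT\n' \
        "$WAN_IF" "$SQUID_USER"
    # Name resolution for the host (assumed; the post does not mention it).
    printf 'iptables -A OUTPUT -o %s -p udp --dport 53 -j ACCEPT\n' "$WAN_IF"
    # Log whatever falls through to the DROP policy, rate-limited.
    echo 'iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "egress-drop: "'
}

# egress_allows PORT: returns 0 if the generated policy opens TCP PORT for
# every local user, 1 otherwise. Use it to confirm that, e.g., port 80 is
# NOT open directly and therefore has to go through squid.
egress_allows() {
    egress_rules | grep -q -- "--dport $1 -m state --state NEW -j ACCEPT"
}

# Usage (as root):   egress_rules > egress.sh && sh egress.sh
```

Apply the output from a console session rather than over SSH: the policy is set to DROP before the ESTABLISHED rule is added, and a mistake in between locks you out.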
