LinkBack URL
About LinkBacksDoes anybody know the best way to block the use of P2P file sharing applications such as Limewire?
Does anybody know the best way to block the use of P2P file sharing applications such as Limewire?
Block it at the firewall / router.
Is that done by specifying the port? I tried to find out what port Limewire uses, but it has an option which finds an available port.
You could restrict users from running executables?
Block all ports except those that you want to use ... this usually means that nothing goes in our out unless it is from or for a specified machine.
Are you going through you EMBC connection? By default file sharing ports should be turned off ... if not then have a word with .ICT or Fujitsu services.
If you are running your own firewall then you need to configue this to block it ... standard ports for KaZaA are 1214 outbound and 1214-8000 inbound ... for Limewire block TCP 6346 and UDP 6346.
This is not a complete fix but will sort the bulk of problems.
We also run CounterSpy as our anit-spyware / malware app ... and it is configured to autmatically uninstall most P2P applications.
Yes we are with EMBC. I will look into the things that you have suggested, and see how it goes.
Thanks
Most p2p stuff is "port agile" - if you block one port it uses, it'll move tpo another. As such, only Grumbledook's idea has a hope of working. Add to that some layer7 filtering, or proxies on ALL open ports... and you'd get very good coverage.
Also consider an IDS (eg Snort) to detect anyone attempting to use any P2P apps. It's best placed on your firewall (so your firewall can react and shut them down) but you can put it on your core switch (using port mirroring) if you simply want to monitor the situation.
Craig
We are with EMBC aswell, and as far as i know you are unable to use P2P software, as it just wont connect....
I would have a word with the service desk if the students are able to get P2P software to connect
It is likely to be tunneling through port 80 which means either the filtering is not fully on or there are other issues ... do you have single sign on enables? Do you have any other sort of filter / cache other than the EMBC setup?
I hear the new version of Schoolguardian inspects the traffic in such a way to block P2P -regardless of port agility or proxying through http.
Just a thought - maybe Tom can confirm?
They are various products available to buy that throttle the bandwith for p2p / messenging programs. They are not cheap though and will set you back about £1,000. http://ipoque.com/en/p2p_filter.html is something I have had on trial before and I liked the product but I couldn't justify spending money on it as it is not such an issue here.
http://www.lynanda.com/products/soft...a-skype-filter
Appears to be an open source peice of software that detects p2p traffic but not sure how could or successful it is.
http://ipp2p.org/
Is another opensource product.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
