[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: filtering kazaa, directconnect, ...
From:       RJ45 <rj45 () slacknet ! com>
Date:       2003-11-15 13:07:13
[Download RAW message or body]


ipf is not a application layer filter.
You might want to look for Ftwall/P2Pwall on linux to do that, but I Warn
you that it is very heavy and CPU consuming.

There are other ways to filter P2P traffic.
MY solution for example (Since all my network is natted)
was to limit in bandwith the TCP traffic going out with a SYN flag on
ports > 1024. MY LAN has 500 computers and I Set up a bandwith limit f
20kb/s. So people hardly can have a reliable connection to the P2P
peers. I Also blocked complitely connections to well known P2P hubs.
IT worked  in this way even if it does not delete complitely all the P2P
traffic.
One day, probably soon, when P2P programs will be smarter, they will use
port 443 (https) and they will communicate using encryption so that you
will not be able in any way to filter P2P traffic, and that will be a big
problem.

Rick


On Sat, 15 Nov 2003, Lucian Gligor wrote:

>    Hello, IPFilter experts!
>   Please tell me how to filter kazaa, disconnect, ... with ipfilter.
> (I think I must go into the very inside of the network packets).
>   Thank you very much in advance,
>   All the best,
>   Gligor Lucian.
> 
> 

[prev in list] [next in list] [prev in thread] [next in thread]