digitalFAQ.com Forums [Archives]

digitalFAQ.com Forums [Archives] (http://www.digitalfaq.com/archives/)
-   Computers (http://www.digitalfaq.com/archives/computers/)
-   -   FreeBSD: Blocking Limewire (http://www.digitalfaq.com/archives/computers/13937-freebsd-blocking-limewire.html)

kwag 11-04-2005 10:03 PM

FreeBSD: Blocking Limewire
 
I post here, because I'm about to pull my hair with this one :!:
Does anybody know a way to kill Limewire traffic in a Unix based firewall environment :?:
I have been working for the last week, at work, with Snort and Snort-Inline, and even though I have set all available rules found on the Internet, specially the "Bleeding" rules: http://www.bleedingsnort.com/ , sometimes Limewire gets through and connects.
It seems that there is some special condition which Snort is missing, and it randomly fails. When this happens, Limewire connects.

After fumbling around with Honeynets (Linux based) for almost 4 days ( http://www.honeynets.org ), I decided to go back to FreeBSD 6.0
Took me less than half hour to set up as "bridging", using both interface cards. So today, I've been able to block almost every file sharing program, EXCEPT Limewire :!:
It uses random ports, and it's a nightmare to block.
I have even started tracing with "tcpdump" to try and get a "signature" of the Limewire protocol behaviour.
So PLEASE, if anyone knows a specific method of blocking Limewire (and Gnutella network, which is the same), let me know.
If I can't find a solution, I will probably have to sit down and develop an application to do it, which I already have something cooking in my brain, but it's no easy task.

Thanks,
-kwag

kwag 12-02-2005 11:07 AM

Just to update this post, and report the solution.
I installed and revised the pig rules :D, "Snort", http://www.snort.org and that took care of everything ;)
Now some people hate me at work, because file sharing is dead for everyone :mrgreen:
But the internet services for customers is now top notch, and running full speed, which is the way it's supposed to be :cool:

-kwag

rds_correia 12-03-2005 07:37 AM

Oh, and let me guess; all that cost you and your company :roll: how many thousands :?:
Actually it cost you 0.00 :lol:.
But just try to do it under M$.
Here in PTG you'd easilly had spent 5,000.00-6,000.00 on OS, SQL and IDS software that would run under M$.
God bless BSD :lol:.
Cheers

kwag 12-03-2005 11:32 AM

You're right Rui :D
It cost me $0.00, at least on software, but it does cost time to configurate and setup.
I'm actually selling a "PIG" (:lol:) package for under $3,000, which includes a PC configured as a transparent bridge, and some special configurations of mine own (kernel options, rules, etc.), and I have some VERY pleased and happy customers :D
Their networks are running very efficient, file sharing free, and they no longer have headaches :)
I guess I'll have to start wearing a bullet proof vest and helmet every time they call me in for some maintenance :mrgreen: (if they ever do, because BSDs hardly ever fail :cool: )

Cheers!,
-kwag


All times are GMT -5. The time now is 12:01 PM  —  vBulletin Jelsoft Enterprises Ltd

Site design, images and content © 2002-2020 The Digital FAQ, www.digitalFAQ.com
Forum Software by vBulletin · Copyright © 2020 Jelsoft Enterprises Ltd.