kwag 11-04-2005 10:03 PM

FreeBSD: Blocking Limewire
I post here, because I'm about to pull my hair with this one :!:
Does anybody know a way to kill Limewire traffic in a Unix-based firewall environment :?:
I have been working for the last week, at work, with Snort and Snort-Inline, and even though I have set all available rules found on the Internet, especially the "Bleeding" rules, sometimes Limewire gets through and connects.
It seems that there is some special condition which Snort is missing, and it randomly fails. When this happens, Limewire connects.

After fumbling around with Honeynets (Linux based) for almost 4 days, I decided to go back to FreeBSD 6.0
Took me less than half an hour to set up as "bridging", using both interface cards. So today, I've been able to block almost every file sharing program, EXCEPT Limewire :!:
It uses random ports, and it's a nightmare to block.
I have even started tracing with "tcpdump" to try and get a "signature" of the Limewire protocol behaviour.
So PLEASE, if anyone knows a specific method of blocking Limewire (and Gnutella network, which is the same), let me know.
If I can't find a solution, I will probably have to sit down and develop an application to do it, which I already have something cooking in my brain, but it's no easy task.
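
The port-independent "signature" the post above is looking for, as an added example that is not part of the original thread: Gnutella peers open every connection with a plain-text `GNUTELLA CONNECT/...` handshake, so a flow can be labelled from its first payload bytes no matter which port it uses. The class name, flow keys and sample payloads (including the LimeWire version string) are constructed for illustration.

```python
import re

MAGIC = b"GNUTELLA"  # every Gnutella handshake starts with this token
MAX_HEAD = 2048      # cap on bytes buffered per flow
REQUEST = re.compile(rb"GNUTELLA CONNECT/\d\.\d\r?\n")
RESPONSE = re.compile(rb"GNUTELLA(/\d\.\d \d{3}| OK)")
AGENT = re.compile(rb"^User-Agent:[ \t]*([^\r\n]+)", re.I | re.M)

class HandshakeClassifier:
    """Labels TCP flows by their first payload bytes, ignoring port numbers."""
    def __init__(self):
        self.heads = {}     # flow -> bytes buffered so far
        self.verdicts = {}  # flow -> final verdict

    def feed(self, flow, payload):
        """Return the flow's verdict, or None while the handshake is incomplete."""
        if flow in self.verdicts:
            return self.verdicts[flow]
        head = (self.heads.get(flow, b"") + payload)[:MAX_HEAD]
        self.heads[flow] = head
        if head[:len(MAGIC)] != MAGIC[:len(head)]:
            return self._decide(flow, {"gnutella": False})  # other protocol
        ended = b"\n\n" in head or b"\r\n\r\n" in head or len(head) == MAX_HEAD
        if not ended:
            return None  # header block still split across segments
        role = ("request" if REQUEST.match(head)
                else "response" if RESPONSE.match(head) else None)
        if role is None:
            return self._decide(flow, {"gnutella": False})
        agent = AGENT.search(head)
        name = agent.group(1).decode("latin-1") if agent else None
        return self._decide(flow, {"gnutella": True, "role": role, "agent": name})

    def _decide(self, flow, verdict):
        self.heads.pop(flow, None)  # free the buffer once the flow is labelled
        self.verdicts[flow] = verdict
        return verdict

P2P = ("10.0.0.5", 51234, "198.51.100.7", 23847)  # constructed sample flows
WEB = ("10.0.0.9", 40000, "203.0.113.2", 80)
SAMPLE = [(P2P, b"GNUTELLA CON"),  # handshake split across two segments
          (WEB, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
          (P2P, b"NECT/0.6\r\nUser-Agent: LimeWire/4.9.0\r\n\r\n")]

def classify_sample():
    clf = HandshakeClassifier()
    for flow, payload in SAMPLE:
        clf.feed(flow, payload)
    return clf.verdicts
```

Matching on the reassembled start of the stream rather than on single packets is what keeps a handshake split across segments from slipping past the check.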


kwag 12-02-2005 11:07 AM

Just to update this post, and report the solution.
I installed and revised the pig rules :D, "Snort", and that took care of everything ;)
Now some people hate me at work, because file sharing is dead for everyone :mrgreen:
But the internet services for customers are now top notch, and running full speed, which is the way it's supposed to be :cool:


rds_correia 12-03-2005 07:37 AM

Oh, and let me guess; all that cost you and your company :roll: how many thousands :?:
Actually it cost you 0.00 :lol:.
But just try to do it under M$.
Here in PTG you'd easily have spent 5,000.00-6,000.00 on OS, SQL and IDS software that would run under M$.
God bless BSD :lol:.

kwag 12-03-2005 11:32 AM

You're right Rui :D
It cost me $0.00, at least on software, but it does cost time to configure and set up.
I'm actually selling a "PIG" (:lol:) package for under $3,000, which includes a PC configured as a transparent bridge, and some special configurations of my own (kernel options, rules, etc.), and I have some VERY pleased and happy customers :D
Their networks are running very efficiently, file sharing free, and they no longer have headaches :)
I guess I'll have to start wearing a bullet proof vest and helmet every time they call me in for some maintenance :mrgreen: (if they ever do, because BSDs hardly ever fail :cool: )


