FreeBSD: Blocking Limewire - digitalFAQ.com Forums [Archives]
  #1  
11-04-2005, 10:03 PM
kwag
I post here, because I'm about to pull my hair with this one.
Does anybody know a way to kill Limewire traffic in a Unix based firewall environment?
I have been working for the last week, at work, with Snort and Snort-Inline, and even though I have set all available rules found on the Internet, especially the "Bleeding" rules: http://www.bleedingsnort.com/ , sometimes Limewire gets through and connects.
It seems that there is some special condition which Snort is missing, and it randomly fails. When this happens, Limewire connects.

After fumbling around with Honeynets (Linux based) for almost 4 days ( http://www.honeynets.org ), I decided to go back to FreeBSD 6.0.
Took me less than half an hour to set up as "bridging", using both interface cards. So today, I've been able to block almost every file sharing program, EXCEPT Limewire.
It uses random ports, and it's a nightmare to block.
I have even started tracing with "tcpdump" to try and get a "signature" of the Limewire protocol behaviour.
So PLEASE, if anyone knows a specific method of blocking Limewire (and Gnutella network, which is the same), let me know.
If I can't find a solution, I will probably have to sit down and develop an application to do it, which I already have something cooking in my brain, but it's no easy task.

Thanks,
-kwag
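The post above describes looking for a port-independent "signature" of Gnutella traffic. The following is an added example, not code from the thread or from Snort: it matches the Gnutella 0.6 text handshake on a reassembled flow and shows how a match applied to single segments can miss a handshake that arrives split across packets. The class and function names, the 4096-byte cap and the sample bytes (including the LimeWire version string) are constructed for illustration.

```python
import re

MAGIC = b"GNUTELLA"
# Gnutella 0.6 text handshake: initiator sends "GNUTELLA CONNECT/0.6",
# responder answers "GNUTELLA/0.6 200 OK"; headers end with a blank line.
_HANDSHAKE = re.compile(rb"GNUTELLA(?: CONNECT)?/(\d+\.\d+)")
_AGENT = re.compile(rb"^User-Agent:[ \t]*([^\r\n]*)", re.I | re.M)
MAX_HANDSHAKE = 4096  # assumed cap on bytes buffered per flow


def per_packet_match(segment: bytes) -> bool:
    """Naive signature: looks at one TCP segment in isolation."""
    return _HANDSHAKE.match(segment) is not None


class FlowClassifier:
    """Buffers the first bytes of one TCP direction; the port is never used."""

    def __init__(self):
        self.buf = b""
        self.verdict = None  # None = undecided, False = not Gnutella, dict = hit

    def feed(self, segment: bytes):
        if self.verdict is not None:
            return self.verdict
        self.buf += segment
        if not self.buf.startswith(MAGIC[:len(self.buf)]):
            self.verdict = False  # first bytes already rule the protocol out
        elif b"\r\n\r\n" in self.buf or len(self.buf) >= MAX_HANDSHAKE:
            m = _HANDSHAKE.match(self.buf)
            agent = _AGENT.search(self.buf)
            self.verdict = {
                "version": m.group(1).decode(),
                "agent": agent.group(1).decode(errors="replace").strip() if agent else None,
            } if m else False
        return self.verdict


def classify_flow(segments):
    """Feed a flow's segments in order and return the final verdict."""
    flow = FlowClassifier()
    verdict = None
    for seg in segments:
        verdict = flow.feed(seg)
    return verdict


# Constructed sample: one handshake delivered in two TCP segments.
SAMPLE_SPLIT = [b"GNUTE", b"LLA CONNECT/0.6\r\nUser-Agent: LimeWire/4.9.33\r\n"
                b"X-Ultrapeer: False\r\n\r\n"]
```
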
  #2  
12-02-2005, 11:07 AM
kwag
Just to update this post, and report the solution.
I installed and revised the pig rules, "Snort", http://www.snort.org and that took care of everything.
Now some people hate me at work, because file sharing is dead for everyone.
But the internet services for customers are now top notch, and running full speed, which is the way it's supposed to be.

-kwag
  #3  
12-03-2005, 07:37 AM
rds_correia
Oh, and let me guess; all that cost you and your company how many thousands?
Actually it cost you 0.00€.
But just try to do it under M$.
Here in PTG you'd easily have spent 5,000.00-6,000.00€ on OS, SQL and IDS software that would run under M$.
God bless BSD.
Cheers
__________________
Rui
  #4  
12-03-2005, 11:32 AM
kwag
You're right, Rui.
It cost me $0.00, at least on software, but it does cost time to configure and set up.
I'm actually selling a "PIG" package for under $3,000, which includes a PC configured as a transparent bridge, and some special configurations of my own (kernel options, rules, etc.), and I have some VERY pleased and happy customers.
Their networks are running very efficiently, file sharing free, and they no longer have headaches.
I guess I'll have to start wearing a bullet proof vest and helmet every time they call me in for some maintenance (if they ever do, because BSDs hardly ever fail).

Cheers!,
-kwag