I'm posting here because I'm about to pull my hair out with this one.
Does anybody know a way to kill Limewire traffic in a Unix-based firewall environment?
I have been working for the last week, at work, with Snort and Snort-Inline, and even though I have set up all available rules found on the Internet, especially the "Bleeding" rules
(http://www.bleedingsnort.com/), sometimes Limewire gets through and connects.
It seems that there is some special condition which Snort is missing, and it randomly fails. When this happens, Limewire connects.
After fumbling around with Honeynets (Linux based) for almost 4 days (http://www.honeynets.org), I decided to go back to FreeBSD 6.0.
It took me less than half an hour to set it up as "bridging", using both interface cards. So today, I've been able to block almost every file sharing program, EXCEPT Limewire.
It uses random ports, and it's a nightmare to block.
I have even started tracing with "tcpdump" to try and get a "signature" of the Limewire protocol behaviour.
So PLEASE, if anyone knows a specific method of blocking Limewire (and Gnutella network, which is the same), let me know.
If I can't find a solution, I will probably have to sit down and develop an application to do it. I already have something cooking in my brain, but it's no easy task.
Thanks,
-kwag
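As an added example that is not part of the post above, the following Python script shows the port-independent, content-based check the poster is reaching for with tcpdump: it labels a TCP stream by the cleartext greeting a Gnutella 0.6 client sends first (`GNUTELLA CONNECT/0.6`) and the acceptance a servent answers with (`GNUTELLA/0.6 200 OK`), both taken from the Gnutella 0.6 protocol specification rather than from the post, and renders the same check as a Snort `content`/`depth` rule. The flows and user-agent strings are constructed for illustration. Only handshakes that cross the bridge in cleartext can be matched this way, so the list of matches is best compared against what tcpdump records on the same interface.

```python
"""Port-independent detection of the Gnutella 0.6 handshake (the protocol
LimeWire speaks). Sample flows below are constructed for illustration."""
from typing import Iterable, List, Optional, Tuple

# Cleartext greeting a Gnutella 0.6 client sends first, and the acceptance
# a servent answers with (both from the Gnutella 0.6 protocol specification).
GNUTELLA_CONNECT = b"GNUTELLA CONNECT/0.6\r\n"
GNUTELLA_OK = b"GNUTELLA/0.6 200 OK\r\n"

MARKERS = {
    "gnutella-connect": GNUTELLA_CONNECT,
    "gnutella-ok": GNUTELLA_OK,
}

# src, sport, dst, dport, first payload bytes of the stream
Flow = Tuple[str, int, str, int, bytes]


def classify_payload(payload: bytes) -> Optional[str]:
    """Label the first payload bytes of a TCP stream by handshake marker.

    Only the start of the stream is checked (like a Snort 'content' match
    bounded by 'depth'), so an HTTP request that merely mentions the word
    GNUTELLA deep in its body is not flagged. The port is never consulted,
    which is the point: LimeWire picks random ports."""
    for label, marker in MARKERS.items():
        if payload.startswith(marker):
            return label
    return None


def flag_flows(flows: Iterable[Flow]) -> List[Tuple[str, int, str, int, str]]:
    """Run classify_payload over a set of flows; return the matches with labels."""
    hits = []
    for src, sport, dst, dport, payload in flows:
        label = classify_payload(payload)
        if label is not None:
            hits.append((src, sport, dst, dport, label))
    return hits


def snort_rule(label: str, sid: int) -> str:
    """Render the same check as a Snort rule: match the marker at the start
    of the stream on any port, in the direction each side sends it."""
    marker = MARKERS[label].rstrip(b"\r\n").decode("ascii")
    direction = "to_server" if label == "gnutella-connect" else "to_client"
    return (
        'alert tcp any any -> any any '
        f'(msg:"Gnutella 0.6 {label}"; flow:{direction},established; '
        f'content:"{marker}"; depth:{len(marker)}; sid:{sid}; rev:1;)'
    )


# Constructed sample flows: a Gnutella handshake on a random high port in both
# directions, next to ordinary HTTP and SSH traffic that must not be flagged.
SAMPLE_FLOWS: List[Flow] = [
    ("10.0.0.12", 51234, "203.0.113.7", 23498,
     GNUTELLA_CONNECT + b"User-Agent: ExampleServent/1.0\r\nX-Ultrapeer: False\r\n\r\n"),
    ("203.0.113.7", 23498, "10.0.0.12", 51234,
     GNUTELLA_OK + b"User-Agent: ExampleServent/1.0\r\n\r\n"),
    ("10.0.0.12", 51235, "198.51.100.9", 80,
     b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.12", 51236, "198.51.100.22", 22,
     b"SSH-2.0-OpenSSH_5.8\r\n"),
    # Mentions the marker in the body only: must not match.
    ("10.0.0.12", 51237, "198.51.100.9", 80,
     b"POST /search HTTP/1.1\r\n\r\nq=GNUTELLA CONNECT/0.6"),
]

if __name__ == "__main__":
    for hit in flag_flows(SAMPLE_FLOWS):
        print("match:", hit)
    print(snort_rule("gnutella-connect", 1000001))
    print(snort_rule("gnutella-ok", 1000002))
```

Running the script flags only the two halves of the handshake on port 23498 and prints the two rules; the `sid` values are arbitrary local-rule numbers and the `depth` is set to the marker length so the match is anchored at the start of the stream.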