» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


06-08-2010, 06:32 PM
Jorge Armando Medina

block p2p traffic

Bill wrote:
> I also use snmp and mrtg. I like seeing how much traffic is coming
> through during the night.
>
vnstat is good for that, here is an example:

# vnstat -i eth1 -d

eth1 / daily

day rx | tx | total
------------------------+-------------+----------------------------------------
10.05. 1.55 GB | 614.03 MB | 2.15 GB %%%%%%:::
11.05. 1.95 GB | 830.82 MB | 2.76 GB %%%%%%%%::::
12.05. 1.79 GB | 897.25 MB | 2.66 GB %%%%%%%%::::
13.05. 1.75 GB | 885.00 MB | 2.61 GB %%%%%%%::::
14.05. 2.31 GB | 845.42 MB | 3.14 GB %%%%%%%%%%::::
15.05. 504.79 MB | 372.75 MB | 877.54 MB %%:
16.05. 43.93 MB | 92.58 MB | 136.51 MB
17.05. 1.35 GB | 746.94 MB | 2.08 GB %%%%%%:::
18.05. 1.91 GB | 1.14 GB | 3.05 GB %%%%%%%%:::::
19.05. 1.38 GB | 943.80 MB | 2.30 GB %%%%%%::::
20.05. 1.29 GB | 852.66 MB | 2.12 GB %%%%%::::
21.05. 1.40 GB | 729.03 MB | 2.11 GB %%%%%%:::
22.05. 394.85 MB | 280.23 MB | 675.08 MB %%:
23.05. 78.72 MB | 184.89 MB | 263.61 MB :
24.05. 1.42 GB | 838.88 MB | 2.24 GB %%%%%%::::
25.05. 1.50 GB | 871.23 MB | 2.35 GB %%%%%%::::
26.05. 1.61 GB | 893.04 MB | 2.48 GB %%%%%%%::::
27.05. 1.67 GB | 993.82 MB | 2.65 GB %%%%%%%%::::
28.05. 1.57 GB | 1.71 GB | 3.29 GB %%%%%%%::::::::
29.05. 718.45 MB | 360.40 MB | 1.05 GB %%%:
30.05. 44.14 MB | 81.51 MB | 125.65 MB
31.05. 1.04 GB | 775.54 MB | 1.80 GB %%%%%:::
01.06. 1.15 GB | 642.65 MB | 1.78 GB %%%%%:::
02.06. 1.56 GB | 1.12 GB | 2.68 GB %%%%%%%:::::
03.06. 3.85 GB | 1.62 GB | 5.47 GB %%%%%%%%%%%%%%%%%%:::::::
04.06. 2.32 GB | 1.49 GB | 3.81 GB %%%%%%%%%%:::::::
05.06. 876.30 MB | 449.40 MB | 1.29 GB %%%::
06.06. 117.62 MB | 158.43 MB | 276.05 MB :
07.06. 1.99 GB | 1.38 GB | 3.37 GB %%%%%%%%%::::::
08.06. 981.30 MB | 712.62 MB | 1.65 GB %%%%:::
------------------------+-------------+----------------------------------------
estimated 1.70 GB | 1.23 GB | 2.93 GB

Best regards.
> On 6/8/2010 8:52 AM, Eric Peters wrote:
>
>> I agree, proactively monitoring your network, makes for good practice,
>> and also peace of mind. Security through obscurity, and passive
>> reactionary monitoring is just asking for your network to be abused.
>> Here are just some tools that I use on a daily basis which
>> would easily detect p2p traffic and other abuses.
>>
>> Ntop = /ntop/ is a network traffic probe that shows the network
>> usage, similar to what the popular top Unix command does, but prettier!
>> Snort = /Snort/ is a free and open source network intrusion
>> prevention system (NIPS) and network intrusion detection system (NIDS)
>> Snorby = Great front end for Snort, I'm currently working on a howto
>> for this under Ubuntu 10.4
>> ET Rules = Emerging Threats is an open source community project with
>> the fastest moving and most diverse Snort Signature set and firewall
>> rules available
>> Wireshark = /Wireshark/ is a network protocol analyzer
>> nmap = Security Scanner For Network Exploration & computer scanning
>>
>> I'm curious as to what everyone else is using? Did I leave anything out?
>> What's your thoughts on this subject?
>>
>>
>> Cheers,
>> Eric
>>
>>
>> On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders <dsanders@jsu.edu
>> <mailto:dsanders@jsu.edu>> wrote:
>>
>> I second Paul that is the way to go, once one finds out they have
>> eyes on them, it "can" fix it's self. We had a problem with an
>> individual serving up files and the big bad record industry sent a
>> letter. That gave us the right to cut the user off. Once turned back
>> on behavior changed. You will get some flack on the front end but
>> over time a majority of the community will get in line.
>>
>> Danny Michael Sanders
>> IT Support Analyst
>>
>> ----- "Paul Graydon" <paul@paulgraydon.co.uk
>> <mailto:paul@paulgraydon.co.uk>> wrote:
>> > That will help, but realistically you're going to have to block
>> every "high port" to stop P2P through that method.
>> >
>> > The only way to effectively block P2P is to do packet sniffing
>> and analysis.. and that's just one big hassle.
>> >
>> > My belief is this is usually the wrong way to tackle the problem,
>> looking for a technical solution to a human resource problem.
>> > User education (and LARTing if necessary) is the key. Using
>> software like Cacti to monitor and graph per-port traffic stats,
>> identify the largest bandwidth users and then focus on them and find
>> out just why they're using up so much bandwidth.
>> > It's remarkable just how soon the problem all goes away after you
>> find just one or two individuals who are abusing the network
>> infrastructure and explain to them what the disciplinary procedures
>> are (or enact if it's appropriate and you have concrete evidence.)
>> The message soon spreads!
>> >
>> > Paul
>> >
>> > On 06/04/2010 05:03 AM, Greyson Farias wrote:
>>
>> Hello,
>> >
>> > You can use these iptables rules, because I don't like, don't
>> use and I don't wanna learn ufw. hehehehehe
>> >
>> > # Block P2P connections
>> > iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
>> > iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
>> > iptables -A FORWARD -p tcp --dport 1981 -j DROP
>> > iptables -A FORWARD -p udp --dport 1981 -j DROP
>> > iptables -A FORWARD -p tcp --dport 2037 -j DROP
>> > iptables -A FORWARD -p udp --dport 2037 -j DROP
>> > iptables -A FORWARD -p tcp --dport 3501 -j DROP
>> > iptables -A FORWARD -p udp --dport 3501 -j DROP
>> > iptables -A FORWARD -p tcp --dport 3531 -j DROP
>> > iptables -A FORWARD -p udp --dport 3531 -j DROP
>> > iptables -A FORWARD -p tcp --dport 3587 -j DROP
>> > iptables -A FORWARD -p udp --dport 3587 -j DROP
>> > iptables -A FORWARD -p tcp --dport 3955 -j DROP
>> > iptables -A FORWARD -p udp --dport 3955 -j DROP
>> > iptables -A FORWARD -p tcp --dport 4242 -j DROP
>> > iptables -A FORWARD -p udp --dport 4242 -j DROP
>> > iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
>> > iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
>> > iptables -A FORWARD -p tcp --dport 4688 -j DROP
>> > iptables -A FORWARD -p udp --dport 4688 -j DROP
>> > iptables -A FORWARD -p tcp --dport 5121 -j DROP
>> > iptables -A FORWARD -p udp --dport 5121 -j DROP
>> > iptables -A FORWARD -p tcp --dport 5662 -j DROP
>> > iptables -A FORWARD -p udp --dport 5662 -j DROP
>> > iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
>> > iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
>> > iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
>> > iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
>> > iptables -A FORWARD -p tcp --dport 6699 -j DROP
>> > iptables -A FORWARD -p udp --dport 6699 -j DROP
>> > iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
>> > iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
>> > iptables -A FORWARD -p tcp --dport 8473 -j DROP
>> > iptables -A FORWARD -p udp --dport 8473 -j DROP
>> >
>> >
>> >
>> >
>> > 2010/6/4 Kaushal Shriyan <kaushalshriyan@gmail.com
>> <mailto:kaushalshriyan@gmail.com>>
>> >
>>
>> Hi,
>> >
>> > is there a howto for blocking p2p traffic on ubuntu 10.04
>> server ?
>> >
>> > Thanks,
>> >
>> > Kaushal
>> >
>> > --
>> > ubuntu-server mailing list
>> > ubuntu-server@lists.ubuntu.com
>> <mailto:ubuntu-server@lists.ubuntu.com>
>> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>> > More info: https://wiki.ubuntu.com/ServerTeam
>> >
>>
>>
>> >
>>
>> > --
>> > Greyson Farias
>> > Técnico em Informática - CREA/AC 9329TD
>> > Ubuntu user
>> > Eu prefiro receber documentos em ODF.
>> > http://ubuntu.com/download/getubuntu
>> > Blog Ubuntu Acre: http://ubuntu-ac.org
>> >
>>
>>
>> >
>> >
>>
>> --
>> ubuntu-server mailing list
>> ubuntu-server@lists.ubuntu.com <mailto:ubuntu-server@lists.ubuntu.com>
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>> More info: https://wiki.ubuntu.com/ServerTeam
>>
>>
>>
>
>


--
Jorge Armando Medina
Computación Gráfica de México
Web: http://www.e-compugraf.com
Tel: 55 51 40 72, Ext: 124
Email: jmedina@e-compugraf.com
GPG Key: 1024D/28E40632 2007-07-26
GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
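
Added example, not part of the original posts: a small parser for the `vnstat -d` table quoted above that flags days whose total traffic sits far above the usual level, using the median and the median absolute deviation (MAD). The sample is the last twelve rows from the post; the `dd.mm.` date format and the factor `k=2` are assumptions, and the pattern also accepts the MiB/GiB suffixes that newer vnstat releases print.

```python
import re
from statistics import median

# Last twelve daily rows of the `vnstat -i eth1 -d` output from the post above,
# plus the header, separator and "estimated" lines a parser has to skip.
SAMPLE = """\
eth1 / daily

day rx | tx | total
------------------------+-------------+----------------------------------------
28.05. 1.57 GB | 1.71 GB | 3.29 GB %%%%%%%::::::::
29.05. 718.45 MB | 360.40 MB | 1.05 GB %%%:
30.05. 44.14 MB | 81.51 MB | 125.65 MB
31.05. 1.04 GB | 775.54 MB | 1.80 GB %%%%%:::
01.06. 1.15 GB | 642.65 MB | 1.78 GB %%%%%:::
02.06. 1.56 GB | 1.12 GB | 2.68 GB %%%%%%%:::::
03.06. 3.85 GB | 1.62 GB | 5.47 GB %%%%%%%%%%%%%%%%%%:::::::
04.06. 2.32 GB | 1.49 GB | 3.81 GB %%%%%%%%%%:::::::
05.06. 876.30 MB | 449.40 MB | 1.29 GB %%%::
06.06. 117.62 MB | 158.43 MB | 276.05 MB :
07.06. 1.99 GB | 1.38 GB | 3.37 GB %%%%%%%%%::::::
08.06. 981.30 MB | 712.62 MB | 1.65 GB %%%%:::
------------------------+-------------+----------------------------------------
estimated 1.70 GB | 1.23 GB | 2.93 GB
"""

# Multipliers to normalise every figure to megabytes (1024-based, as vnstat counts).
_UNITS = {"K": 1 / 1024, "M": 1.0, "G": 1024.0, "T": 1024.0 ** 2}

# One size field: number, unit letter, optional "i" (MiB/GiB style), then "B".
_SIZE = r"([\d.]+)\s*([KMGT])i?B"

# A data row starts with a dd.mm. date (assumed format) followed by rx | tx | total.
_ROW = re.compile(
    r"^\s*(\d{2}\.\d{2}\.)\s+" + _SIZE + r"\s*\|\s*" + _SIZE + r"\s*\|\s*" + _SIZE
)


def to_mb(value, unit):
    """Convert a vnstat figure such as ('1.57', 'G') to megabytes."""
    return float(value) * _UNITS[unit]


def parse_daily(text):
    """Return one dict per daily row; headers, rulers and 'estimated' are skipped."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        day, rx, rx_u, tx, tx_u, total, total_u = m.groups()
        rows.append({
            "day": day,
            "rx_mb": to_mb(rx, rx_u),
            "tx_mb": to_mb(tx, tx_u),
            "total_mb": to_mb(total, total_u),
        })
    return rows


def flag_outliers(rows, k=2.0):
    """Flag days whose total exceeds median + k * MAD.

    Median and MAD are used instead of mean and standard deviation so that
    the quiet weekend days and the spike itself do not distort the baseline.
    Returns (threshold_mb, flagged_rows).
    """
    totals = [r["total_mb"] for r in rows]
    med = median(totals)
    mad = median([abs(t - med) for t in totals])
    threshold = med + k * mad
    return threshold, [r for r in rows if r["total_mb"] > threshold]


if __name__ == "__main__":
    parsed = parse_daily(SAMPLE)
    limit, flagged = flag_outliers(parsed)
    print(f"{len(parsed)} days parsed, threshold {limit:.2f} MB")
    for r in flagged:
        print(f"{r['day']} total {r['total_mb']:.2f} MB "
              f"(rx {r['rx_mb']:.2f} MB, tx {r['tx_mb']:.2f} MB)")
```

A flagged day only says where to look; per-host tools named in the thread such as ntop or bandwidthd are what attribute the traffic to a machine.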
 
06-08-2010, 09:52 PM
Bill

block p2p traffic

I think mrtg is a little better. It graphs it out for ya so you can see
where the peaks are. It is a fantastic tool to see in a quick glance
what is going on with traffic and loads. If you're working in, say, a data
center where you need to monitor several routers you can graph each and
every port. It was a great tool for DOS attacks; we could see real quick
where the trouble was.

 
06-09-2010, 07:21 AM
"Fabio T. Leitao"

block p2p traffic

I also know (and use in a customer firewall) bandwithd... it plots a decent web report of traffic per network, per IP, several protocols...



--
Fábio Leitão
..-. .- -... .. --- .-.. . .. - .- --- ...-.-


 
06-09-2010, 07:23 AM
"Fabio T. Leitao"

block p2p traffic

sorry, the correct name is bandwidthd

2010/6/9 Fabio T. Leitao <fabio.tleitao@gmail.com>


I also know (and use in a customer firewall) bandwithd... it plots a decent web report of traffic per network, per IP, several protocols...

2010/6/8 Bill <beau@billbeau.net>



I think mrtg is a little better. It graphs it out for ya so you can see

where the peaks are. It is a fantastic tool to see in a quick glance

what is going on with traffic and loads. If your working in say a data

center where you need to monitor several routers you can graph each and

every port. It was a great tool for DOS attacks we could see real quick

where the trouble was.



On 6/8/2010 11:32 AM, Jorge Armando Medina wrote:

> Bill wrote:

>

>> I also use snmp and mrtg. I like seeing how much traffic is coming

>> through during the night.

>>

>>

> vnstat is good for that, here a example:

>

> # vnstat -i eth1 -d

>

> * eth1 */ *daily

>

> * * *day * * * * rx * * *| * * tx * * *| *total

> ------------------------+-------------+----------------------------------------

> * * 10.05. * * *1.55 GB *| *614.03 MB *| * *2.15 GB * %%%%%%:::

> * * 11.05. * * *1.95 GB *| *830.82 MB *| * *2.76 GB * %%%%%%%%::::

> * * 12.05. * * *1.79 GB *| *897.25 MB *| * *2.66 GB * %%%%%%%%::::

> * * 13.05. * * *1.75 GB *| *885.00 MB *| * *2.61 GB * %%%%%%%::::

> * * 14.05. * * *2.31 GB *| *845.42 MB *| * *3.14 GB * %%%%%%%%%%::::

> * * 15.05. * *504.79 MB *| *372.75 MB *| *877.54 MB * %%:

> * * 16.05. * * 43.93 MB *| * 92.58 MB *| *136.51 MB

> * * 17.05. * * *1.35 GB *| *746.94 MB *| * *2.08 GB * %%%%%%:::

> * * 18.05. * * *1.91 GB *| * *1.14 GB *| * *3.05 GB * %%%%%%%%:::::

> * * 19.05. * * *1.38 GB *| *943.80 MB *| * *2.30 GB * %%%%%%::::

> * * 20.05. * * *1.29 GB *| *852.66 MB *| * *2.12 GB * %%%%%::::

> * * 21.05. * * *1.40 GB *| *729.03 MB *| * *2.11 GB * %%%%%%:::

> * * 22.05. * *394.85 MB *| *280.23 MB *| *675.08 MB * %%:

> * * 23.05. * * 78.72 MB *| *184.89 MB *| *263.61 MB * :

> * * 24.05. * * *1.42 GB *| *838.88 MB *| * *2.24 GB * %%%%%%::::

> * * 25.05. * * *1.50 GB *| *871.23 MB *| * *2.35 GB * %%%%%%::::

> * * 26.05. * * *1.61 GB *| *893.04 MB *| * *2.48 GB * %%%%%%%::::

> * * 27.05. * * *1.67 GB *| *993.82 MB *| * *2.65 GB * %%%%%%%%::::

> * * 28.05. * * *1.57 GB *| * *1.71 GB *| * *3.29 GB * %%%%%%%::::::::

> * * 29.05. * *718.45 MB *| *360.40 MB *| * *1.05 GB * %%%:

> * * 30.05. * * 44.14 MB *| * 81.51 MB *| *125.65 MB

> * * 31.05. * * *1.04 GB *| *775.54 MB *| * *1.80 GB * %%%%%:::

> * * 01.06. * * *1.15 GB *| *642.65 MB *| * *1.78 GB * %%%%%:::

> * * 02.06. * * *1.56 GB *| * *1.12 GB *| * *2.68 GB * %%%%%%%:::::

> * * 03.06. * * *3.85 GB *| * *1.62 GB *| * *5.47 GB

> %%%%%%%%%%%%%%%%%%:::::::

> * * 04.06. * * *2.32 GB *| * *1.49 GB *| * *3.81 GB * %%%%%%%%%%:::::::

> * * 05.06. * *876.30 MB *| *449.40 MB *| * *1.29 GB * %%%::

> * * 06.06. * *117.62 MB *| *158.43 MB *| *276.05 MB * :

> * * 07.06. * * *1.99 GB *| * *1.38 GB *| * *3.37 GB * %%%%%%%%%::::::

> * * 08.06. * *981.30 MB *| *712.62 MB *| * *1.65 GB * %%%%:::

> ------------------------+-------------+----------------------------------------

> * estimated * * 1.70 GB *| * *1.23 GB *| * *2.93 GB

>

> Best regards.

>

>> On 6/8/2010 8:52 AM, Eric Peters wrote:
>>
>>> I agree, proactively monitoring your network, makes for good practice,
>>> and also peace of mind. Security through obscurity, and passive
>>> reactionary monitoring is just asking for your network to be abused.
>>> Here are just some tools that I use on a daily basis which
>>> would easily detect p2p traffic and other abuses.
>>>
>>> Ntop      = /ntop/ is a network traffic probe that shows the network
>>> usage, similar to what the popular top Unix command does, but prettier!
>>> Snort     = /Snort/ is a free and open source network intrusion
>>> prevention system (NIPS) and network intrusion detection system (NIDS)
>>> Snorby    = Great front end for Snort, I'm currently working on a howto
>>> for this under Ubuntu 10.4
>>> ET Rules  = Emerging Threats is an open source community project with
>>> the fastest moving and most diverse Snort Signature set and firewall
>>> rules available
>>> Wireshark = /Wireshark/ is a network protocol analyzer
>>> nmap      = Security Scanner For Network Exploration & computer scanning
>>>
>>> I'm curious as to what everyone else is using? Did I leave anything out?
>>> What's your thoughts on this subject?
>>>
>>> Cheers,
>>> Eric
>>>
>>> On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders <dsanders@jsu.edu
>>> <mailto:dsanders@jsu.edu>> wrote:
>>>
>>>      I second Paul that is the way to go, once one finds out they have
>>>      eyes on them, it "can" fix itself. We had a problem with an
>>>      individual serving up files and the big bad record industry sent a
>>>      letter. That gave us the right to cut the user off. Once turned back
>>>      on behavior changed. You will get some flak on the front end but
>>>      over time a majority of the community will get in line.
>>>
>>>         Danny Michael Sanders
>>>         IT Support Analyst
>>>
>>>      ----- "Paul Graydon" <paul@paulgraydon.co.uk
>>>      <mailto:paul@paulgraydon.co.uk>> wrote:
>>>       > That will help, but realistically you're going to have to block
>>>      every "high port" to stop P2P through that method.
>>>       >
>>>       > The only way to effectively block P2P is to do packet sniffing
>>>      and analysis.. and that's just one big hassle.
>>>       >
>>>       > My belief is this is usually the wrong way to tackle the problem,
>>>      looking for a technical solution to a human resource problem.
>>>       > User education (and LARTing if necessary) is the key. Using
>>>      software like Cacti to monitor and graph per-port traffic stats,
>>>      identify the largest bandwidth users and then focus on them and find
>>>      out just why they're using up so much bandwidth.
>>>       > It's remarkable just how soon the problem all goes away after you
>>>      find just one or two individuals who are abusing the network
>>>      infrastructure and explain to them what the disciplinary procedures
>>>      are (or enact if it's appropriate and you have concrete evidence.)
>>>      The message soon spreads!
>>>       >
>>>       > Paul
>>>       >
>>>       > On 06/04/2010 05:03 AM, Greyson Farias wrote:
>>>
>>>          Hello,
>>>           >
>>>           > You can use these iptables rules, because I don't like, don't
>>>          use and I don't wanna learn ufw. hehehehehe
>>>           >
>>>           > # Block P2P connections
>>>           > iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 1981 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 1981 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 2037 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 2037 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 3501 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 3501 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 3531 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 3531 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 3587 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 3587 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 3955 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 3955 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 4242 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 4242 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 4688 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 4688 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 5121 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 5121 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 5662 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 5662 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 6699 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 6699 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
>>>           > iptables -A FORWARD -p tcp --dport 8473 -j DROP
>>>           > iptables -A FORWARD -p udp --dport 8473 -j DROP
>>>           >
>>>           > 2010/6/4 Kaushal Shriyan <kaushalshriyan@gmail.com
>>>          <mailto:kaushalshriyan@gmail.com>>
>>>           >
>>>
>>>              Hi,
>>>               >
>>>               > is there a howto for blocking p2p traffic on ubuntu 10.04
>>>              server ?
>>>               >
>>>               > Thanks,
>>>               >
>>>               > Kaushal
>>>               >
>>>               > --
>>>               > ubuntu-server mailing list
>>>               > ubuntu-server@lists.ubuntu.com
>>>              <mailto:ubuntu-server@lists.ubuntu.com>
>>>               > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>>>               > More info: https://wiki.ubuntu.com/ServerTeam
>>>               >
>>>
>>>           > --
>>>           > Greyson Farias
>>>           > IT Technician - CREA/AC 9329TD
>>>           > Ubuntu user
>>>           > I prefer to receive documents in ODF.
>>>           > http://ubuntu.com/download/getubuntu
>>>           > Blog Ubuntu Acre: http://ubuntu-ac.org
>>>           >
>>>
>>>      --
>>>      ubuntu-server mailing list
>>>      ubuntu-server@lists.ubuntu.com <mailto:ubuntu-server@lists.ubuntu.com>
>>>      https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>>>      More info: https://wiki.ubuntu.com/ServerTeam
>>>
>>
>

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam



--
Fábio Leitão
..-. .- -... .. ---  .-.. . .. - .- ---  ...-.-
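
Paul Graydon's point quoted in this thread, that a port list like Greyson Farias's only stops P2P if every "high port" is blocked, can be checked by measuring how much of the port space the quoted rules actually match. This is an added example, not code from any poster; the helper names (`dropped_ranges`, `coverage`, `is_dropped`) are hypothetical, and the rule text is rebuilt from the `--dport` values in the quoted list.

```python
import re
from collections import defaultdict

# --dport values copied from the rule list quoted in this thread.
DPORTS = ("1214:1215 1981 2037 3501 3531 3587 3955 4242 4661:4672 4688 "
          "5121 5662 6085:6086 6346:6347 6699 6881:6889 8473").split()
# Rebuilt rule text: one tcp and one udp DROP rule per value, as posted.
RULES = "\n".join(
    f"iptables -A FORWARD -p {proto} --dport {spec} -j DROP"
    for spec in DPORTS for proto in ("tcp", "udp"))

# Matches simple single-port or lo:hi rules; negated (!) matches are not handled.
RULE_RE = re.compile(
    r"-A\s+(?P<chain>\S+).*?-p\s+(?P<proto>tcp|udp).*?"
    r"--dport\s+(?P<lo>\d+)(?::(?P<hi>\d+))?.*?-j\s+(?P<target>\S+)")

def dropped_ranges(rule_text, chain="FORWARD"):
    """Return {proto: merged [(lo, hi), ...]} for DROP rules in `chain`."""
    found = defaultdict(list)
    for line in rule_text.splitlines():
        m = RULE_RE.search(line)
        if not m or m["chain"] != chain or m["target"] != "DROP":
            continue
        lo = int(m["lo"])
        found[m["proto"]].append((lo, int(m["hi"] or lo)))
    merged = {}
    for proto, spans in found.items():
        out = []
        for lo, hi in sorted(spans):
            if out and lo <= out[-1][1] + 1:      # overlapping or adjacent
                out[-1] = (out[-1][0], max(out[-1][1], hi))
            else:
                out.append((lo, hi))
        merged[proto] = out
    return merged

def coverage(ranges, first=1024, last=65535):
    """Ports in [first, last] matched by the ranges, as (count, fraction)."""
    hit = sum(max(0, min(hi, last) - max(lo, first) + 1) for lo, hi in ranges)
    return hit, hit / (last - first + 1)

def is_dropped(ranges, port):
    return any(lo <= port <= hi for lo, hi in ranges)

if __name__ == "__main__":
    for proto, ranges in dropped_ranges(RULES).items():
        count, frac = coverage(ranges)
        print(f"{proto}: {len(ranges)} ranges, {count} ports, "
              f"{frac:.4%} of ports 1024-65535")
```

The rules match 39 destination ports per protocol, about 0.06% of the ports from 1024 to 65535, which is why the thread moves on to traffic monitoring and packet inspection.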




 
Old 06-09-2010, 10:44 AM
Gerald Drouillard
 
Default block p2p traffic

> Please suggest/guide further and let me know the correct and the best
> practices to block ipp2p traffic
>
>
Check out opendns.com. You can block file sharing web sites.

--
Regards
--------------------------------------
Gerald Drouillard
Technology Architect
Drouillard & Associates, Inc.
http://www.Drouillard.biz


 
Old 06-09-2010, 06:26 PM
Jorge Armando Medina
 
Default block p2p traffic

Bill wrote:
> I think mrtg is a little better. It graphs it out for ya so you can see
> where the peaks are. It is a fantastic tool to see in a quick glance
> what is going on with traffic and loads. If you're working in say a data
> center where you need to monitor several routers you can graph each and
> every port. It was a great tool for DOS attacks we could see real quick
> where the trouble was.
>
Hi Bill, I know and use mrtg or cacti, but mrtg won't give you info about
how much bandwidth was consumed by day, mrtg using snmp by default only
graphs transfer rates not total bandwidth used, that is why I prefer vnstat.

> On 6/8/2010 11:32 AM, Jorge Armando Medina wrote:
>
>> Bill wrote:
>>
>>
>>> I also use snmp and mrtg. I like seeing how much traffic is coming
>>> through during the night.
>>>
>>>
>>>
>> vnstat is good for that, here is an example:
>>
>> # vnstat -i eth1 -d
>>
>> eth1 / daily
>>
>> day rx | tx | total
>> ------------------------+-------------+----------------------------------------
>> 10.05. 1.55 GB | 614.03 MB | 2.15 GB %%%%%%:::
>> 11.05. 1.95 GB | 830.82 MB | 2.76 GB %%%%%%%%::::
>> 12.05. 1.79 GB | 897.25 MB | 2.66 GB %%%%%%%%::::
>> 13.05. 1.75 GB | 885.00 MB | 2.61 GB %%%%%%%::::
>> 14.05. 2.31 GB | 845.42 MB | 3.14 GB %%%%%%%%%%::::
>> 15.05. 504.79 MB | 372.75 MB | 877.54 MB %%:
>> 16.05. 43.93 MB | 92.58 MB | 136.51 MB
>> 17.05. 1.35 GB | 746.94 MB | 2.08 GB %%%%%%:::
>> 18.05. 1.91 GB | 1.14 GB | 3.05 GB %%%%%%%%:::::
>> 19.05. 1.38 GB | 943.80 MB | 2.30 GB %%%%%%::::
>> 20.05. 1.29 GB | 852.66 MB | 2.12 GB %%%%%::::
>> 21.05. 1.40 GB | 729.03 MB | 2.11 GB %%%%%%:::
>> 22.05. 394.85 MB | 280.23 MB | 675.08 MB %%:
>> 23.05. 78.72 MB | 184.89 MB | 263.61 MB :
>> 24.05. 1.42 GB | 838.88 MB | 2.24 GB %%%%%%::::
>> 25.05. 1.50 GB | 871.23 MB | 2.35 GB %%%%%%::::
>> 26.05. 1.61 GB | 893.04 MB | 2.48 GB %%%%%%%::::
>> 27.05. 1.67 GB | 993.82 MB | 2.65 GB %%%%%%%%::::
>> 28.05. 1.57 GB | 1.71 GB | 3.29 GB %%%%%%%::::::::
>> 29.05. 718.45 MB | 360.40 MB | 1.05 GB %%%:
>> 30.05. 44.14 MB | 81.51 MB | 125.65 MB
>> 31.05. 1.04 GB | 775.54 MB | 1.80 GB %%%%%:::
>> 01.06. 1.15 GB | 642.65 MB | 1.78 GB %%%%%:::
>> 02.06. 1.56 GB | 1.12 GB | 2.68 GB %%%%%%%:::::
>> 03.06. 3.85 GB | 1.62 GB | 5.47 GB %%%%%%%%%%%%%%%%%%:::::::
>> 04.06. 2.32 GB | 1.49 GB | 3.81 GB %%%%%%%%%%:::::::
>> 05.06. 876.30 MB | 449.40 MB | 1.29 GB %%%::
>> 06.06. 117.62 MB | 158.43 MB | 276.05 MB :
>> 07.06. 1.99 GB | 1.38 GB | 3.37 GB %%%%%%%%%::::::
>> 08.06. 981.30 MB | 712.62 MB | 1.65 GB %%%%:::
>> ------------------------+-------------+----------------------------------------
>> estimated 1.70 GB | 1.23 GB | 2.93 GB
>>
>> Best regards.
>>
>>
>>> On 6/8/2010 8:52 AM, Eric Peters wrote:
>>>
>>>
>>>
>>>> I agree, proactively monitoring your network, makes for good practice,
>>>> and also peace of mind. Security through obscurity, and passive
>>>> reactionary monitoring is just asking for your network to be abused.
>>>> Here are just some tools that I use on a daily basis which
>>>> would easily detect p2p traffic and other abuses.
>>>>
>>>> Ntop = /ntop/ is a network traffic probe that shows the network
>>>> usage, similar to what the popular top Unix command does, but prettier!
>>>> Snort = /Snort/ is a free and open source network intrusion
>>>> prevention system (NIPS) and network intrusion detection system (NIDS)
>>>> Snorby = Great front end for Snort, I'm currently working on a howto
>>>> for this under Ubuntu 10.4
>>>> ET Rules = Emerging Threats is an open source community project with
>>>> the fastest moving and most diverse Snort Signature set and firewall
>>>> rules available
>>>> Wireshark = /Wireshark/ is a network protocol analyzer
>>>> nmap = Security Scanner For Network Exploration & computer scanning
>>>>
>>>> I'm curious as to what everyone else is using? Did I leave anything out?
>>>> What's your thoughts on this subject?
>>>>
>>>>
>>>> Cheers,
>>>> Eric
>>>>
>>>>
>>>> On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders <dsanders@jsu.edu
>>>> <mailto:dsanders@jsu.edu>> wrote:
>>>>
>>>> I second Paul that is the way to go, once one finds out they have
>>>> eyes on them, it "can" fix itself. We had a problem with an
>>>> individual serving up files and the big bad record industry sent a
>>>> letter. That gave us the right to cut the user off. Once turned back
>>>> on behavior changed. You will get some flak on the front end but
>>>> over time a majority of the community will get in line.
>>>>
>>>> Danny Michael Sanders
>>>> IT Support Analyst
>>>>
>>>> ----- "Paul Graydon" <paul@paulgraydon.co.uk
>>>> <mailto:paul@paulgraydon.co.uk>> wrote:
>>>> > That will help, but realistically you're going to have to block
>>>> every "high port" to stop P2P through that method.
>>>> >
>>>> > The only way to effectively block P2P is to do packet sniffing
>>>> and analysis.. and that's just one big hassle.
>>>> >
>>>> > My belief is this is usually the wrong way to tackle the problem,
>>>> looking for a technical solution to a human resource problem.
>>>> > User education (and LARTing if necessary) is the key. Using
>>>> software like Cacti to monitor and graph per-port traffic stats,
>>>> identify the largest bandwidth users and then focus on them and find
>>>> out just why they're using up so much bandwidth.
>>>> > It's remarkable just how soon the problem all goes away after you
>>>> find just one or two individuals who are abusing the network
>>>> infrastructure and explain to them what the disciplinary procedures
>>>> are (or enact if it's appropriate and you have concrete evidence.)
>>>> The message soon spreads!
>>>> >
>>>> > Paul
>>>> >
>>>> > On 06/04/2010 05:03 AM, Greyson Farias wrote:
>>>>
>>>> Hello,
>>>> >
>>>> > You can use these iptables rules, because I don't like, don't
>>>> use and I don't wanna learn ufw. hehehehehe
>>>> >
>>>> > # Block P2P connections
>>>> > iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 1981 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 1981 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 2037 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 2037 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 3501 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 3501 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 3531 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 3531 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 3587 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 3587 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 3955 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 3955 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 4242 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 4242 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 4688 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 4688 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 5121 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 5121 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 5662 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 5662 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 6699 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 6699 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
>>>> > iptables -A FORWARD -p tcp --dport 8473 -j DROP
>>>> > iptables -A FORWARD -p udp --dport 8473 -j DROP
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > 2010/6/4 Kaushal Shriyan<kaushalshriyan@gmail.com
>>>> <mailto:kaushalshriyan@gmail.com>>
>>>> >
>>>>
>>>> Hi,
>>>> >
>>>> > is there a howto for blocking p2p traffic on ubuntu 10.04
>>>> server ?
>>>> >
>>>> > Thanks,
>>>> >
>>>> > Kaushal
>>>> >
>>>> > --
>>>> > ubuntu-server mailing list
>>>> > ubuntu-server@lists.ubuntu.com
>>>> <mailto:ubuntu-server@lists.ubuntu.com>
>>>> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>>>> > More info: https://wiki.ubuntu.com/ServerTeam
>>>> >
>>>>
>>>>
>>>> >
>>>>
>>>> > --
>>>> > Greyson Farias
>>>> > IT Technician - CREA/AC 9329TD
>>>> > Ubuntu user
>>>> > I prefer to receive documents in ODF.
>>>> > http://ubuntu.com/download/getubuntu
>>>> > Blog Ubuntu Acre: http://ubuntu-ac.org
>>>> >
>>>>
>>>>
>>>> >
>>>> >
>>>>
>>>> --
>>>> ubuntu-server mailing list
>>>> ubuntu-server@lists.ubuntu.com<mailto:ubuntu-server@lists.ubuntu.com>
>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>>>> More info: https://wiki.ubuntu.com/ServerTeam
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


--
Jorge Armando Medina
Computación Gráfica de México
Web: http://www.e-compugraf.com
Tel: 55 51 40 72, Ext: 124
Email: jmedina@e-compugraf.com
GPG Key: 1024D/28E40632 2007-07-26
GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632
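
The daily totals that vnstat reports, which the message above prefers over mrtg's rate graphs, can be screened automatically for days that stand out. This is an added example, not code from the thread: the function names are hypothetical, the sample rows are copied from the quoted `vnstat -i eth1 -d` output, and it assumes `tx` on the monitored interface is the upload direction.

```python
import re
from statistics import median

# Constructed sample: rows copied from the `vnstat -i eth1 -d` output quoted in
# this thread, in the MB/GB layout shown there.
SAMPLE = """\
    day         rx      |     tx      |    total
------------------------+-------------+---------------------------------
    28.05.      1.57 GB  |    1.71 GB  |    3.29 GB   %%%%%%%::::::::
    29.05.    718.45 MB  |  360.40 MB  |    1.05 GB   %%%:
    30.05.     44.14 MB  |   81.51 MB  |  125.65 MB
    31.05.      1.04 GB  |  775.54 MB  |    1.80 GB   %%%%%:::
    01.06.      1.15 GB  |  642.65 MB  |    1.78 GB   %%%%%:::
    02.06.      1.56 GB  |    1.12 GB  |    2.68 GB   %%%%%%%:::::
    03.06.      3.85 GB  |    1.62 GB  |    5.47 GB   %%%%%%%%%%%%%%%%%%:::::::
    04.06.      2.32 GB  |    1.49 GB  |    3.81 GB   %%%%%%%%%%:::::::
    05.06.    876.30 MB  |  449.40 MB  |    1.29 GB   %%%::
------------------------+-------------+---------------------------------
  estimated     1.70 GB  |    1.23 GB  |    2.93 GB
"""

TO_MB = {"KB": 1 / 1024, "MB": 1.0, "GB": 1024.0, "TB": 1024.0 ** 2}
AMOUNT = r"([\d.]+) ([kKMGT]B)"
ROW = re.compile(r"^\s*(\d{2}\.\d{2}\.)\s+" + AMOUNT + r"\s*\|\s*" + AMOUNT
                 + r"\s*\|\s*" + AMOUNT)

def parse_daily(text):
    """One dict per dated row; header, separators and 'estimated' are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            day, *pairs = m.groups()
            rx, tx, total = (float(pairs[i]) * TO_MB[pairs[i + 1].upper()]
                             for i in (0, 2, 4))
            rows.append({"day": day, "rx_mb": rx, "tx_mb": tx, "total_mb": total})
    return rows

def flag_days(rows, factor=2.5):
    """Flag days whose total exceeds factor x median, or whose tx exceeds rx
    on a day at or above the median (quiet days are ignored)."""
    base = median(r["total_mb"] for r in rows)
    flagged = []
    for r in rows:
        reasons = []
        if r["total_mb"] > factor * base:
            reasons.append("total above %.1fx median" % factor)
        if r["tx_mb"] > r["rx_mb"] and r["total_mb"] >= base:
            reasons.append("tx exceeds rx")
        if reasons:
            flagged.append((r["day"], reasons))
    return flagged

if __name__ == "__main__":
    for day, reasons in flag_days(parse_daily(SAMPLE)):
        print(day, ", ".join(reasons))
```

On this sample it flags 03.06. for volume and 28.05. for sending more than it received, the pattern Michael Sanders describes for a user serving up files.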

