FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 06-04-2010, 01:15 PM
Kaushal Shriyan
 
Default block p2p traffic

Hi,

is there a howto for blocking p2p traffic on ubuntu 10.04 server ?

Thanks,

Kaushal

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-04-2010, 01:31 PM
Carsten Aulbert
 
Default block p2p traffic

Hi

On Friday 04 June 2010 15:15:08 Kaushal Shriyan wrote:
> is there a howto for blocking p2p traffic on ubuntu 10.04 server ?

/sbin/ifconfig eth0 down
/sbin/ifconfig wlan0 down



(just kidding)

It would help a lot of you can rephrase the question more "smartly", i.e.
which p2p and what the network looks like, i.e. is the server a NAT gateway,
could users run p2p on this machine, ...

HTh

Carsten

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-04-2010, 01:52 PM
Michael Berger
 
Default block p2p traffic

Try this link.

https://help.ubuntu.com/10.04/serverguide/C/firewall.html

Ufw is a front end to iptables designed to ease administration of iptables.

Mike

On Jun 4, 2010, at 9:15 AM, Kaushal Shriyan wrote:

> Hi,
>
> is there a howto for blocking p2p traffic on ubuntu 10.04 server ?
>
> Thanks,
>
> Kaushal
> --
> ubuntu-server mailing list
> ubuntu-server@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-04-2010, 03:03 PM
Greyson Farias
 
Default block p2p traffic

Hello,

You can use these iptables rules, because I don't like, don't use and I don't wanna learn ufw. hehehehehe

# Block P2P connections
iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP

iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
iptables -A FORWARD -p tcp --dport 1981 -j DROP
iptables -A FORWARD -p udp --dport 1981 -j DROP
iptables -A FORWARD -p tcp --dport 2037 -j DROP
iptables -A FORWARD -p udp --dport 2037 -j DROP

iptables -A FORWARD -p tcp --dport 3501 -j DROP
iptables -A FORWARD -p udp --dport 3501 -j DROP
iptables -A FORWARD -p tcp --dport 3531 -j DROP
iptables -A FORWARD -p udp --dport 3531 -j DROP
iptables -A FORWARD -p tcp --dport 3587 -j DROP

iptables -A FORWARD -p udp --dport 3587 -j DROP
iptables -A FORWARD -p tcp --dport 3955 -j DROP
iptables -A FORWARD -p udp --dport 3955 -j DROP
iptables -A FORWARD -p tcp --dport 4242 -j DROP
iptables -A FORWARD -p udp --dport 4242 -j DROP

iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
iptables -A FORWARD -p tcp --dport 4688 -j DROP
iptables -A FORWARD -p udp --dport 4688 -j DROP
iptables -A FORWARD -p tcp --dport 5121 -j DROP

iptables -A FORWARD -p udp --dport 5121 -j DROP
iptables -A FORWARD -p tcp --dport 5662 -j DROP
iptables -A FORWARD -p udp --dport 5662 -j DROP
iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
iptables -A FORWARD -p udp --dport 6085:6086 -j DROP

iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
iptables -A FORWARD -p tcp --dport 6699 -j DROP
iptables -A FORWARD -p udp --dport 6699 -j DROP
iptables -A FORWARD -p udp --dport 6881:6889 -j DROP

iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
iptables -A FORWARD -p tcp --dport 8473 -j DROP
iptables -A FORWARD -p udp --dport 8473 -j DROP



2010/6/4 Kaushal Shriyan <kaushalshriyan@gmail.com>

Hi,

is there a howto for blocking p2p traffic on ubuntu 10.04 server ?

Thanks,


Kaushal


--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam


--
Greyson Farias
Técnico em Informática - CREA/AC 9329TD

Ubuntu user
Eu prefiro receber documentos em ODF.
http://ubuntu.com/download/getubuntu
Blog Ubuntu Acre: http://ubuntu-ac.org


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-04-2010, 06:05 PM
Paul Graydon
 
Default block p2p traffic

That will help, but realistically you're going to have to block every
"high port" to stop P2P through that method.



The only way to effectively block P2P is to do packet sniffing and
analysis.. and that's just one big hassle.



My belief is this is usually the wrong way to tackle the problem,
looking for a technical solution to a human resource problem.

User education (and LARTing if necessary) is the key.* Using software
like Cacti to monitor and graph per-port traffic stats, identify the
largest bandwidth users and then focus on them and find out just why
they're using up so much bandwidth.

It's remarkable just how soon the problem all goes away after you find
just one or two individuals who are abusing the network infrastructure
and explain to them what the disciplinary procedures are (or enact if
it's appropriate and you have concrete evidence.)* The message soon
spreads!



Paul



On 06/04/2010 05:03 AM, Greyson Farias wrote:
Hello,



You can use these iptables rules, because I don't like, don't use and I
don't wanna learn ufw. hehehehehe



# Block P2P connections

iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP

iptables -A FORWARD -p udp --dport 1214:1215 -j DROP

iptables -A FORWARD -p tcp --dport 1981 -j DROP

iptables -A FORWARD -p udp --dport 1981 -j DROP

iptables -A FORWARD -p tcp --dport 2037 -j DROP

iptables -A FORWARD -p udp --dport 2037 -j DROP

iptables -A FORWARD -p tcp --dport 3501 -j DROP

iptables -A FORWARD -p udp --dport 3501 -j DROP

iptables -A FORWARD -p tcp --dport 3531 -j DROP

iptables -A FORWARD -p udp --dport 3531 -j DROP

iptables -A FORWARD -p tcp --dport 3587 -j DROP

iptables -A FORWARD -p udp --dport 3587 -j DROP

iptables -A FORWARD -p tcp --dport 3955 -j DROP

iptables -A FORWARD -p udp --dport 3955 -j DROP

iptables -A FORWARD -p tcp --dport 4242 -j DROP

iptables -A FORWARD -p udp --dport 4242 -j DROP

iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP

iptables -A FORWARD -p udp --dport 4661:4672 -j DROP

iptables -A FORWARD -p tcp --dport 4688 -j DROP

iptables -A FORWARD -p udp --dport 4688 -j DROP

iptables -A FORWARD -p tcp --dport 5121 -j DROP

iptables -A FORWARD -p udp --dport 5121 -j DROP

iptables -A FORWARD -p tcp --dport 5662 -j DROP

iptables -A FORWARD -p udp --dport 5662 -j DROP

iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP

iptables -A FORWARD -p udp --dport 6085:6086 -j DROP

iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP

iptables -A FORWARD -p udp --dport 6346:6347 -j DROP

iptables -A FORWARD -p tcp --dport 6699 -j DROP

iptables -A FORWARD -p udp --dport 6699 -j DROP

iptables -A FORWARD -p udp --dport 6881:6889 -j DROP

iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP

iptables -A FORWARD -p tcp --dport 8473 -j DROP

iptables -A FORWARD -p udp --dport 8473 -j DROP







2010/6/4 Kaushal Shriyan <kaushalshriyan@gmail.com>

Hi,



is there a howto for blocking p2p traffic on ubuntu 10.04 server ?



Thanks,



Kaushal



--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam








--

Greyson Farias

Técnico em Informática - CREA/AC 9329TD

Ubuntu user

Eu prefiro receber documentos em ODF.

http://ubuntu.com/download/getubuntu

Blog Ubuntu Acre: http://ubuntu-ac.org






--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-06-2010, 12:53 AM
Michael Sanders
 
Default block p2p traffic

I second Paul that is the way to go, once one finds out they have eyes
on them, it "can" fix it's self.* We had a problem with an individual
serving up files and the big bad record industry sent a letter. That
gave us the right to cut the user off. Once turned back on behavior
changed. * You will get some flack on the front end but over time a majority of the community will get in line.


* Danny Michael Sanders

* IT Support Analyst

----- "Paul Graydon" <paul@paulgraydon.co.uk> wrote:

>




That will help, but realistically you're going to have to block every
"high port" to stop P2P through that method.
>

>
The only way to effectively block P2P is to do packet sniffing and
analysis.. and that's just one big hassle.
>

>
My belief is this is usually the wrong way to tackle the problem,
looking for a technical solution to a human resource problem.
>
User education (and LARTing if necessary) is the key.* Using software
like Cacti to monitor and graph per-port traffic stats, identify the
largest bandwidth users and then focus on them and find out just why
they're using up so much bandwidth.
>
It's remarkable just how soon the problem all goes away after you find
just one or two individuals who are abusing the network infrastructure
and explain to them what the disciplinary procedures are (or enact if
it's appropriate and you have concrete evidence.)* The message soon
spreads!
>

>
Paul
>

>
On 06/04/2010 05:03 AM, Greyson Farias wrote:
Hello,
>

>
You can use these iptables rules, because I don't like, don't use and I
don't wanna learn ufw. hehehehehe
>

>
# Block P2P connections
>
iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
>
iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
>
iptables -A FORWARD -p tcp --dport 1981 -j DROP
>
iptables -A FORWARD -p udp --dport 1981 -j DROP
>
iptables -A FORWARD -p tcp --dport 2037 -j DROP
>
iptables -A FORWARD -p udp --dport 2037 -j DROP
>
iptables -A FORWARD -p tcp --dport 3501 -j DROP
>
iptables -A FORWARD -p udp --dport 3501 -j DROP
>
iptables -A FORWARD -p tcp --dport 3531 -j DROP
>
iptables -A FORWARD -p udp --dport 3531 -j DROP
>
iptables -A FORWARD -p tcp --dport 3587 -j DROP
>
iptables -A FORWARD -p udp --dport 3587 -j DROP
>
iptables -A FORWARD -p tcp --dport 3955 -j DROP
>
iptables -A FORWARD -p udp --dport 3955 -j DROP
>
iptables -A FORWARD -p tcp --dport 4242 -j DROP
>
iptables -A FORWARD -p udp --dport 4242 -j DROP
>
iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
>
iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
>
iptables -A FORWARD -p tcp --dport 4688 -j DROP
>
iptables -A FORWARD -p udp --dport 4688 -j DROP
>
iptables -A FORWARD -p tcp --dport 5121 -j DROP
>
iptables -A FORWARD -p udp --dport 5121 -j DROP
>
iptables -A FORWARD -p tcp --dport 5662 -j DROP
>
iptables -A FORWARD -p udp --dport 5662 -j DROP
>
iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
>
iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
>
iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
>
iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
>
iptables -A FORWARD -p tcp --dport 6699 -j DROP
>
iptables -A FORWARD -p udp --dport 6699 -j DROP
>
iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
>
iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
>
iptables -A FORWARD -p tcp --dport 8473 -j DROP
>
iptables -A FORWARD -p udp --dport 8473 -j DROP
>

>

>

>
> 2010/6/4 Kaushal Shriyan <kaushalshriyan@gmail.com>
>
Hi,
>

>
is there a howto for blocking p2p traffic on ubuntu 10.04 server ?
>

>
Thanks,
>

>
Kaushal
>

>
--
>
ubuntu-server mailing list
>
ubuntu-server@lists.ubuntu.com
>
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>
More info: https://wiki.ubuntu.com/ServerTeam
>



>


>
--
>
Greyson Farias
>
Técnico em Informática - CREA/AC 9329TD
>
Ubuntu user
>
Eu prefiro receber documentos em ODF.
>
http://ubuntu.com/download/getubuntu
>
Blog Ubuntu Acre: http://ubuntu-ac.org
>


>

> --
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-07-2010, 08:56 AM
Kaushal Shriyan
 
Default block p2p traffic

On Sun, Jun 6, 2010 at 6:23 AM, Michael Sanders <dsanders@jsu.edu> wrote:


I second Paul that is the way to go, once one finds out they have eyes
on them, it "can" fix it's self.* We had a problem with an individual
serving up files and the big bad record industry sent a letter. That
gave us the right to cut the user off. Once turned back on behavior
changed. * You will get some flack on the front end but over time a majority of the community will get in line.


* Danny Michael Sanders

* IT Support Analyst

----- "Paul Graydon" <paul@paulgraydon.co.uk> wrote:

>




That will help, but realistically you're going to have to block every
"high port" to stop P2P through that method.
>

>
The only way to effectively block P2P is to do packet sniffing and
analysis.. and that's just one big hassle.
>

>
My belief is this is usually the wrong way to tackle the problem,
looking for a technical solution to a human resource problem.
>
User education (and LARTing if necessary) is the key.* Using software
like Cacti to monitor and graph per-port traffic stats, identify the
largest bandwidth users and then focus on them and find out just why
they're using up so much bandwidth.
>
It's remarkable just how soon the problem all goes away after you find
just one or two individuals who are abusing the network infrastructure
and explain to them what the disciplinary procedures are (or enact if
it's appropriate and you have concrete evidence.)* The message soon
spreads!
>

>
Paul
>

>
On 06/04/2010 05:03 AM, Greyson Farias wrote:
Hello,
>

>
You can use these iptables rules, because I don't like, don't use and I
don't wanna learn ufw. hehehehehe
>

>
# Block P2P connections
>
iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
>
iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
>
iptables -A FORWARD -p tcp --dport 1981 -j DROP
>
iptables -A FORWARD -p udp --dport 1981 -j DROP
>
iptables -A FORWARD -p tcp --dport 2037 -j DROP
>
iptables -A FORWARD -p udp --dport 2037 -j DROP
>
iptables -A FORWARD -p tcp --dport 3501 -j DROP
>
iptables -A FORWARD -p udp --dport 3501 -j DROP
>
iptables -A FORWARD -p tcp --dport 3531 -j DROP
>
iptables -A FORWARD -p udp --dport 3531 -j DROP
>
iptables -A FORWARD -p tcp --dport 3587 -j DROP
>
iptables -A FORWARD -p udp --dport 3587 -j DROP
>
iptables -A FORWARD -p tcp --dport 3955 -j DROP
>
iptables -A FORWARD -p udp --dport 3955 -j DROP
>
iptables -A FORWARD -p tcp --dport 4242 -j DROP
>
iptables -A FORWARD -p udp --dport 4242 -j DROP
>
iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
>
iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
>
iptables -A FORWARD -p tcp --dport 4688 -j DROP
>
iptables -A FORWARD -p udp --dport 4688 -j DROP
>
iptables -A FORWARD -p tcp --dport 5121 -j DROP
>
iptables -A FORWARD -p udp --dport 5121 -j DROP
>
iptables -A FORWARD -p tcp --dport 5662 -j DROP
>
iptables -A FORWARD -p udp --dport 5662 -j DROP
>
iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
>
iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
>
iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
>
iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
>
iptables -A FORWARD -p tcp --dport 6699 -j DROP
>
iptables -A FORWARD -p udp --dport 6699 -j DROP
>
iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
>
iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
>
iptables -A FORWARD -p tcp --dport 8473 -j DROP
>
iptables -A FORWARD -p udp --dport 8473 -j DROP
>

>

>

>
> 2010/6/4 Kaushal Shriyan <kaushalshriyan@gmail.com>
>
Hi,
>

>
is there a howto for blocking p2p traffic on ubuntu 10.04 server ?
>

>
Thanks,
>

>
Kaushal
>

>
--
>
ubuntu-server mailing list
>
ubuntu-server@lists.ubuntu.com
>
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>
More info: https://wiki.ubuntu.com/ServerTeam
>



>


>
--
>
Greyson Farias
>
Técnico em Informática - CREA/AC 9329TD
>
Ubuntu user
>
Eu prefiro receber documentos em ODF.
>
http://ubuntu.com/download/getubuntu
>
Blog Ubuntu Acre: http://ubuntu-ac.org
>


>

>
--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam

Hi Again

I did followed http://www.debian-administration.org/articles/562


when i run the make command i get http://pastebin.ubuntu.com/445975/

Please suggest/guide.

Thanks,

Kaushal

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-08-2010, 03:27 PM
Kaushal Shriyan
 
Default block p2p traffic

On Mon, Jun 7, 2010 at 2:26 PM, Kaushal Shriyan <kaushalshriyan@gmail.com> wrote:




On Sun, Jun 6, 2010 at 6:23 AM, Michael Sanders <dsanders@jsu.edu> wrote:



I second Paul that is the way to go, once one finds out they have eyes
on them, it "can" fix it's self.* We had a problem with an individual
serving up files and the big bad record industry sent a letter. That
gave us the right to cut the user off. Once turned back on behavior
changed. * You will get some flack on the front end but over time a majority of the community will get in line.


* Danny Michael Sanders

* IT Support Analyst

----- "Paul Graydon" <paul@paulgraydon.co.uk> wrote:

>




That will help, but realistically you're going to have to block every
"high port" to stop P2P through that method.
>

>
The only way to effectively block P2P is to do packet sniffing and
analysis.. and that's just one big hassle.
>

>
My belief is this is usually the wrong way to tackle the problem,
looking for a technical solution to a human resource problem.
>
User education (and LARTing if necessary) is the key.* Using software
like Cacti to monitor and graph per-port traffic stats, identify the
largest bandwidth users and then focus on them and find out just why
they're using up so much bandwidth.
>
It's remarkable just how soon the problem all goes away after you find
just one or two individuals who are abusing the network infrastructure
and explain to them what the disciplinary procedures are (or enact if
it's appropriate and you have concrete evidence.)* The message soon
spreads!
>

>
Paul
>

>
On 06/04/2010 05:03 AM, Greyson Farias wrote:
Hello,
>

>
You can use these iptables rules, because I don't like, don't use and I
don't wanna learn ufw. hehehehehe
>

>
# Block P2P connections
>
iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
>
iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
>
iptables -A FORWARD -p tcp --dport 1981 -j DROP
>
iptables -A FORWARD -p udp --dport 1981 -j DROP
>
iptables -A FORWARD -p tcp --dport 2037 -j DROP
>
iptables -A FORWARD -p udp --dport 2037 -j DROP
>
iptables -A FORWARD -p tcp --dport 3501 -j DROP
>
iptables -A FORWARD -p udp --dport 3501 -j DROP
>
iptables -A FORWARD -p tcp --dport 3531 -j DROP
>
iptables -A FORWARD -p udp --dport 3531 -j DROP
>
iptables -A FORWARD -p tcp --dport 3587 -j DROP
>
iptables -A FORWARD -p udp --dport 3587 -j DROP
>
iptables -A FORWARD -p tcp --dport 3955 -j DROP
>
iptables -A FORWARD -p udp --dport 3955 -j DROP
>
iptables -A FORWARD -p tcp --dport 4242 -j DROP
>
iptables -A FORWARD -p udp --dport 4242 -j DROP
>
iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
>
iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
>
iptables -A FORWARD -p tcp --dport 4688 -j DROP
>
iptables -A FORWARD -p udp --dport 4688 -j DROP
>
iptables -A FORWARD -p tcp --dport 5121 -j DROP
>
iptables -A FORWARD -p udp --dport 5121 -j DROP
>
iptables -A FORWARD -p tcp --dport 5662 -j DROP
>
iptables -A FORWARD -p udp --dport 5662 -j DROP
>
iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
>
iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
>
iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
>
iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
>
iptables -A FORWARD -p tcp --dport 6699 -j DROP
>
iptables -A FORWARD -p udp --dport 6699 -j DROP
>
iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
>
iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
>
iptables -A FORWARD -p tcp --dport 8473 -j DROP
>
iptables -A FORWARD -p udp --dport 8473 -j DROP
>

>

>

>
> 2010/6/4 Kaushal Shriyan <kaushalshriyan@gmail.com>
>
Hi,
>

>
is there a howto for blocking p2p traffic on ubuntu 10.04 server ?
>

>
Thanks,
>

>
Kaushal
>

>
--
>
ubuntu-server mailing list
>
ubuntu-server@lists.ubuntu.com
>
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>
More info: https://wiki.ubuntu.com/ServerTeam
>



>


>
--
>
Greyson Farias
>
Técnico em Informática - CREA/AC 9329TD
>
Ubuntu user
>
Eu prefiro receber documentos em ODF.
>
http://ubuntu.com/download/getubuntu
>
Blog Ubuntu Acre: http://ubuntu-ac.org
>


>

>
--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam

Hi Again

I did followed http://www.debian-administration.org/articles/562



when i run the make command i get http://pastebin.ubuntu.com/445975/

Please suggest/guide.

Thanks,

Kaushal

Hi,
For the benefit of others in this email thread, I did followed this steps
#apt-get install xtables-addons-common#module-assistant --verbose --text-mode auto-install xtables-addons

#modprobe xt_ipp2p
I added the below line at the end of*/etc/init.d/shorewall and restarted shorewall, it worked.
/sbin/iptables -I OUTPUT -m ipp2p --kazaa --edk --gnu --dc --bit --apple --winmx --soul --ares -j DROP; /sbin/iptables -I INPUT -m ipp2p --kazaa --edk --gnu --dc --bit --apple --winmx --soul --ares -j DROP; /sbin/iptables -I FORWARD -m ipp2p --kazaa --edk --gnu --dc --bit --apple --winmx --soul --ares -j DROP


I did iptables -L | grep ipp2p it showed up the below entries.
DROP * * * all *-- *anywhere * * * * * * anywhere * * * * * *ipp2p --edk --dc --gnu --kazaa --bit --apple --soul --winmx --ares

DROP * * * all *-- *anywhere * * * * * * anywhere * * * * * *ipp2p --edk --dc --gnu --kazaa --bit --apple --soul --winmx --aresDROP * * * all *-- *anywhere * * * * * * anywhere * * * * * *ipp2p --edk --dc --gnu --kazaa --bit --apple --soul --winmx --ares


I checked on shorewall irc channel, they said its not a correct method to add the below line in /etc/init.d/shorewall
/sbin/iptables -I OUTPUT -m ipp2p --kazaa --edk --gnu --dc --bit --apple --winmx --soul --ares -j DROP; /sbin/iptables -I INPUT -m ipp2p --kazaa --edk --gnu --dc --bit --apple --winmx --soul --ares -j DROP; /sbin/iptables -I FORWARD -m ipp2p --kazaa --edk --gnu --dc --bit --apple --winmx --soul --ares -j DROP


Please suggest/guide further and let me know the correct and the best practices to block ipp2p traffic
Thanks and Regards
Kaushal
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-08-2010, 03:52 PM
Eric Peters
 
Default block p2p traffic

I agree,*proactively*monitoring your network, makes for good practice, and also peace of mind. Security through obscurity, and passive reactionary monitoring is just asking for your network to be abused. Here are just some tools that I use on a*daily*basis which would*easily*detect p2p traffic and other abuses. *

Ntop * * * *=*ntop*is a network traffic probe that shows the network usage, similar to what the popular top Unix command does, but*prettier!
Snort * * * =*Snort*is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS)
Snorby * * = Great front end for Snort, I'm*currently*working on a howto for this under Ubuntu 10.4
ET Rules *=*Emerging Threats is an open source community project with the fastest moving and most diverse Snort Signature set and firewall rules available
Wireshark =*Wireshark*is a network protocol analyzer
nmap * * * = Security Scanner For Network Exploration & computer scanning


I'm curious as to what everyone else is using? Did I leave anything out? What's your thoughts on this subject?




Cheers,
Eric



On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders <dsanders@jsu.edu> wrote:

I second Paul that is the way to go, once one finds out they have eyes
on them, it "can" fix it's self.* We had a problem with an individual
serving up files and the big bad record industry sent a letter. That
gave us the right to cut the user off. Once turned back on behavior
changed. * You will get some flack on the front end but over time a majority of the community will get in line.


* Danny Michael Sanders

* IT Support Analyst

----- "Paul Graydon" <paul@paulgraydon.co.uk> wrote:

>




That will help, but realistically you're going to have to block every
"high port" to stop P2P through that method.
>

>
The only way to effectively block P2P is to do packet sniffing and
analysis.. and that's just one big hassle.
>

>
My belief is this is usually the wrong way to tackle the problem,
looking for a technical solution to a human resource problem.
>
User education (and LARTing if necessary) is the key.* Using software
like Cacti to monitor and graph per-port traffic stats, identify the
largest bandwidth users and then focus on them and find out just why
they're using up so much bandwidth.
>
It's remarkable just how soon the problem all goes away after you find
just one or two individuals who are abusing the network infrastructure
and explain to them what the disciplinary procedures are (or enact if
it's appropriate and you have concrete evidence.)* The message soon
spreads!
>

>
Paul
>

>
On 06/04/2010 05:03 AM, Greyson Farias wrote:
Hello,
>

>
You can use these iptables rules, because I don't like, don't use and I
don't wanna learn ufw. hehehehehe
>

>
# Block P2P connections
>
iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
>
iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
>
iptables -A FORWARD -p tcp --dport 1981 -j DROP
>
iptables -A FORWARD -p udp --dport 1981 -j DROP
>
iptables -A FORWARD -p tcp --dport 2037 -j DROP
>
iptables -A FORWARD -p udp --dport 2037 -j DROP
>
iptables -A FORWARD -p tcp --dport 3501 -j DROP
>
iptables -A FORWARD -p udp --dport 3501 -j DROP
>
iptables -A FORWARD -p tcp --dport 3531 -j DROP
>
iptables -A FORWARD -p udp --dport 3531 -j DROP
>
iptables -A FORWARD -p tcp --dport 3587 -j DROP
>
iptables -A FORWARD -p udp --dport 3587 -j DROP
>
iptables -A FORWARD -p tcp --dport 3955 -j DROP
>
iptables -A FORWARD -p udp --dport 3955 -j DROP
>
iptables -A FORWARD -p tcp --dport 4242 -j DROP
>
iptables -A FORWARD -p udp --dport 4242 -j DROP
>
iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
>
iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
>
iptables -A FORWARD -p tcp --dport 4688 -j DROP
>
iptables -A FORWARD -p udp --dport 4688 -j DROP
>
iptables -A FORWARD -p tcp --dport 5121 -j DROP
>
iptables -A FORWARD -p udp --dport 5121 -j DROP
>
iptables -A FORWARD -p tcp --dport 5662 -j DROP
>
iptables -A FORWARD -p udp --dport 5662 -j DROP
>
iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
>
iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
>
iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
>
iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
>
iptables -A FORWARD -p tcp --dport 6699 -j DROP
>
iptables -A FORWARD -p udp --dport 6699 -j DROP
>
iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
>
iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
>
iptables -A FORWARD -p tcp --dport 8473 -j DROP
>
iptables -A FORWARD -p udp --dport 8473 -j DROP
>

>

>

>
> 2010/6/4 Kaushal Shriyan <kaushalshriyan@gmail.com>
>
Hi,
>

>
is there a howto for blocking p2p traffic on ubuntu 10.04 server ?
>

>
Thanks,
>

>
Kaushal
>

>
--
>
ubuntu-server mailing list
>
ubuntu-server@lists.ubuntu.com
>
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>
More info: https://wiki.ubuntu.com/ServerTeam
>



>


>
--
>
Greyson Farias
>
Técnico em Informática - CREA/AC 9329TD
>
Ubuntu user
>
Eu prefiro receber documentos em ODF.
>
http://ubuntu.com/download/getubuntu
>
Blog Ubuntu Acre: http://ubuntu-ac.org
>


>

>
--

ubuntu-server mailing list

ubuntu-server@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-server

More info: https://wiki.ubuntu.com/ServerTeam


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
Old 06-08-2010, 04:51 PM
Bill
 
Default block p2p traffic

I also use snmp and mrtg. I like seeing how much traffic is coming
through during the night.

On 6/8/2010 8:52 AM, Eric Peters wrote:
> I agree, proactively monitoring your network, makes for good practice,
> and also peace of mind. Security through obscurity, and passive
> reactionary monitoring is just asking for your network to be abused.
> Here are just some tools that I use on a daily basis which
> would easily detect p2p traffic and other abuses.
>
> Ntop = /ntop/ is a network traffic probe that shows the network
> usage, similar to what the popular top Unix command does, but prettier!
> Snort = /Snort/ is a free and open source network intrusion
> prevention system (NIPS) and network intrusion detection system (NIDS)
> Snorby = Great front end for Snort, I'm currently working on a howto
> for this under Ubuntu 10.4
> ET Rules = Emerging Threats is an open source community project with
> the fastest moving and most diverse Snort Signature set and firewall
> rules available
> Wireshark = /Wireshark/ is a network protocol analyzer
> nmap = Security Scanner For Network Exploration & computer scanning
>
> I'm curious as to what everyone else is using? Did I leave anything out?
> What's your thoughts on this subject?
>
>
> Cheers,
> Eric
>
>
> On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders <dsanders@jsu.edu
> <mailto:dsanders@jsu.edu>> wrote:
>
> I second Paul that is the way to go, once one finds out they have
> eyes on them, it "can" fix it's self. We had a problem with an
> individual serving up files and the big bad record industry sent a
> letter. That gave us the right to cut the user off. Once turned back
> on behavior changed. You will get some flack on the front end but
> over time a majority of the community will get in line.
>
> Danny Michael Sanders
> IT Support Analyst
>
> ----- "Paul Graydon" <paul@paulgraydon.co.uk
> <mailtoaul@paulgraydon.co.uk>> wrote:
> > That will help, but realistically you're going to have to block
> every "high port" to stop P2P through that method.
> >
> > The only way to effectively block P2P is to do packet sniffing
> and analysis.. and that's just one big hassle.
> >
> > My belief is this is usually the wrong way to tackle the problem,
> looking for a technical solution to a human resource problem.
> > User education (and LARTing if necessary) is the key. Using
> software like Cacti to monitor and graph per-port traffic stats,
> identify the largest bandwidth users and then focus on them and find
> out just why they're using up so much bandwidth.
> > It's remarkable just how soon the problem all goes away after you
> find just one or two individuals who are abusing the network
> infrastructure and explain to them what the disciplinary procedures
> are (or enact if it's appropriate and you have concrete evidence.)
> The message soon spreads!
> >
> > Paul
> >
> > On 06/04/2010 05:03 AM, Greyson Farias wrote:
>
> Hello,
> >
> > You can use these iptables rules, because I don't like, don't
> use and I don't wanna learn ufw. hehehehehe
> >
> > # Block P2P connections
> > iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
> > iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
> > iptables -A FORWARD -p tcp --dport 1981 -j DROP
> > iptables -A FORWARD -p udp --dport 1981 -j DROP
> > iptables -A FORWARD -p tcp --dport 2037 -j DROP
> > iptables -A FORWARD -p udp --dport 2037 -j DROP
> > iptables -A FORWARD -p tcp --dport 3501 -j DROP
> > iptables -A FORWARD -p udp --dport 3501 -j DROP
> > iptables -A FORWARD -p tcp --dport 3531 -j DROP
> > iptables -A FORWARD -p udp --dport 3531 -j DROP
> > iptables -A FORWARD -p tcp --dport 3587 -j DROP
> > iptables -A FORWARD -p udp --dport 3587 -j DROP
> > iptables -A FORWARD -p tcp --dport 3955 -j DROP
> > iptables -A FORWARD -p udp --dport 3955 -j DROP
> > iptables -A FORWARD -p tcp --dport 4242 -j DROP
> > iptables -A FORWARD -p udp --dport 4242 -j DROP
> > iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
> > iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
> > iptables -A FORWARD -p tcp --dport 4688 -j DROP
> > iptables -A FORWARD -p udp --dport 4688 -j DROP
> > iptables -A FORWARD -p tcp --dport 5121 -j DROP
> > iptables -A FORWARD -p udp --dport 5121 -j DROP
> > iptables -A FORWARD -p tcp --dport 5662 -j DROP
> > iptables -A FORWARD -p udp --dport 5662 -j DROP
> > iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
> > iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
> > iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
> > iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
> > iptables -A FORWARD -p tcp --dport 6699 -j DROP
> > iptables -A FORWARD -p udp --dport 6699 -j DROP
> > iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
> > iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
> > iptables -A FORWARD -p tcp --dport 8473 -j DROP
> > iptables -A FORWARD -p udp --dport 8473 -j DROP
> >
> >
> >
> >
> > 2010/6/4 Kaushal Shriyan <kaushalshriyan@gmail.com
> <mailto:kaushalshriyan@gmail.com>>
> >
>
> Hi,
> >
> > is there a howto for blocking p2p traffic on ubuntu 10.04
> server ?
> >
> > Thanks,
> >
> > Kaushal
> >
> > --
> > ubuntu-server mailing list
> > ubuntu-server@lists.ubuntu.com
> <mailto:ubuntu-server@lists.ubuntu.com>
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> > More info: https://wiki.ubuntu.com/ServerTeam
> >
>
>
> >
>
> > --
> > Greyson Farias
> > Técnico em Informática - CREA/AC 9329TD
> > Ubuntu user
> > Eu prefiro receber documentos em ODF.
> > http://ubuntu.com/download/getubuntu
> > Blog Ubuntu Acre: http://ubuntu-ac.org
> >
>
>
> >
> >
>
> --
> ubuntu-server mailing list
> ubuntu-server@lists.ubuntu.com <mailto:ubuntu-server@lists.ubuntu.com>
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>
>

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 

Thread Tools




All times are GMT. The time now is 01:11 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org