07-07-2010 02:36 PM
I am trying to block P2P applications such as BitTorrent and LimeWire on my network. I used the P2P IDP signatures and applied them on my firewall policies from zone trust to untrust.
IP action is set to Drop Connection, Destination Address, IP Close
It blocks LimeWire from connecting, but I can still search for files and download them, etc.
Is there a way to stop this? I am considering making my own IDP custom applications, but I have no information on how to do so. Any help would be highly appreciated.
07-07-2010 09:22 PM
I have a similar case trying to block P2P BitTorrent. I used all the P2P and BT provided attacks, yet the outcome was very poor. I used uTorrent for Windows as a testing ground with its default configuration (as a non-savvy user would have it) and still my SRX did not manage to stop it. No encryption whatsoever on the outgoing connections. According to a log that I had created to monitor the issue, the BT usage was successfully logged, but it was not blocked. I had studied BT in the past and I knew that most of its connections use UDP. So I decided to entirely block UDP apart from udp/53, which is used for outbound DNS queries. The trick worked fine and I have totally blocked BT.
I have a pending case with ATAC at the moment in regard to this and I hope they find a way to block the unwanted UDP traffic via the IDP and not the FW as I have done now.
My idea is also to monitor for anomalies and HTTP and SSL issues. This way you can also block many other sneaky apps or protocols like Skype, Tor, TeamViewer and the like.
Hope this helps a bit.
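
The workaround described in the post above (deny outbound UDP except udp/53), written out as Junos security policy configuration. This is an added example, not configuration from the original posters: the policy names and the EXISTING-PERMIT-POLICY placeholder are assumptions, and the zones are the trust and untrust zones named in the thread.

```junos
# Added example (assumed policy names); entered in configuration mode.

# 1. Permit outbound DNS over UDP (udp/53) so name resolution keeps working.
set security policies from-zone trust to-zone untrust policy allow-dns-udp match source-address any
set security policies from-zone trust to-zone untrust policy allow-dns-udp match destination-address any
set security policies from-zone trust to-zone untrust policy allow-dns-udp match application junos-dns-udp
set security policies from-zone trust to-zone untrust policy allow-dns-udp then permit

# 2. Deny every other outbound UDP flow and log each denied session.
set security policies from-zone trust to-zone untrust policy deny-other-udp match source-address any
set security policies from-zone trust to-zone untrust policy deny-other-udp match destination-address any
set security policies from-zone trust to-zone untrust policy deny-other-udp match application junos-udp-any
set security policies from-zone trust to-zone untrust policy deny-other-udp then deny
set security policies from-zone trust to-zone untrust policy deny-other-udp then log session-init

# 3. New policies are appended to the end of the zone pair, and policies are
#    evaluated top-down with first match winning. Move both above the existing
#    permit policy that carries the IDP rulebase (placeholder name below).
insert security policies from-zone trust to-zone untrust policy allow-dns-udp before policy EXISTING-PERMIT-POLICY
insert security policies from-zone trust to-zone untrust policy deny-other-udp before policy EXISTING-PERMIT-POLICY
```

Because this denies every other outbound UDP service as well (NTP, VoIP media, IPsec NAT-T and so on), any that the network needs must get its own permit policy above deny-other-udp.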