 From:  Tècnica de Sistemes Cal Peles <tech at tscp dot info>
 To:  "'Alex M'" <radiussupport at lrcommunications dot net>, "'Monowall Support List'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Killing all P2P traffic? How?
 Date:  Fri, 26 Jan 2007 21:21:28 +0100
More simply: define only the needed ports for your LAN on M0N0 and deny all
others. It's the first rule for any firewall, and an essential security
policy.

Best regards

______________________________________________
Jan Arbona


www.tscp.info
 

-----Original Message-----
From: Alex M [mailto:radiussupport at lrcommunications dot net]
Sent: Friday, January 26, 2007 19:52
To: Monowall Support List
Subject: RE: [m0n0wall] Killing all P2P traffic? How?

Ok I got the idea,
I like censornet but then I need extra boxes for each setup, so I guess I
would explore squid and log analysis and will link it to radius

-----Original Message-----
From: Alex M [mailto:radiussupport at lrcommunications dot net]
Sent: Thursday, January 25, 2007 9:24 PM
To: 'Wilson, Ron'; Monowall Support List
Subject: RE: [m0n0wall] Killing all P2P traffic? How?

Ok so Manuel's gonna kick me out of here soon for my ideas, lol. Well, if mono
should not look at layer 3, 4 packets, can we add user based port management
for CP? This shouldn't be that hard I think...




-----Original Message-----
From: Wilson, Ron [mailto:rwilson at mpr dot com] 
Sent: Thursday, January 25, 2007 9:14 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Killing all P2P traffic? How?

FYI I doubt monowall will ever be good at managing traffic the way you
want.  This is a good read in that regard:

http://doc.m0n0.ch/handbook/intro.html
http://doc.m0n0.ch/handbook/intro-not.html

Specifically, mono will likely never inspect packets at layers other
than 3 and 4.

I'm not sure, but maybe PFSense will do what you need once it's stable?

Ron Wilson, Senior Engineer, MPR Associates, 518.831.7546

-----Original Message-----
From: Alex M [mailto:radiussupport at lrcommunications dot net] 
Sent: Thursday, January 25, 2007 8:42 PM
To: 'Mark Ryan'; Monowall Support List
Subject: RE: [m0n0wall] Killing all P2P traffic? How?

Ok how can I limit speed?

Well I think my wish would be something like this: identify "crazy"
downloaders, send them a letter saying that because we do not allow P2P
traffic on our net and because you abuse it too much we will lower your
P2P speeds, and if you still want to use P2P then you can subscribe to a P2P
package or something, in this way I would get $$$ for my lines overload + will
separate those who clearly could get in trouble with legal thingies.

Nevertheless I want to completely remove eDonkey and KaZaA from my net
because those networks were marked as illegal in courts so I don't want
any of that traffic whatsoever on my net. And I can try to contribute on
building something that would be able to recognize and kill packets from
the appropriate protocol.

As to BitTorrent net, that's I guess the only one that I can't touch
because it is now used by Amazon and UbiSoft to do legal movie and game sales.




-----Original Message-----
From: Mark Ryan [mailto:markryan at cfl dot rr dot com] 
Sent: Thursday, January 25, 2007 7:47 PM
To: Alex M
Cc: Monowall Support List
Subject: Re: [m0n0wall] Killing all P2P traffic? How?

Alex M wrote:
> As to user education, well that would work in corp environment but in our
> residential setup it's kinda hard to tell HS kids not to download movies
>
> Or maybe u got some good persuasive methods?
>  
>
> -----Original Message-----
> From: Chris Bagnall [mailto:m0n0wall at minotaur dot cc] 
> Sent: Thursday, January 25, 2007 7:07 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Killing all P2P traffic? How?
>
>   
>> I decided that our users do toooooo much illegal downloading (at
>> least that's what I think, ppl can't just download 4.8Gb each day, and
>> that # seems to be equal to the size of 1 DVD)
>> Appreciate your suggestions!
>>     
>
> I must say I think user education is probably the best route here. Port
> blocking approaches will only be partially successful as more and more P2P
> applications these days are using random ports.
>
> Regards,
>
> Chris
>   
Instead of stopping it altogether, why not try to control it better?
You could classify all legitimate traffic (80, small packets, ACKs,
email, etc) as high priority....and then limit the rest to a much slower
limit.  They will get frustrated with slow p2p and hopefully quit using it.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

