Yes, well, there is always that :o)

On 1/26/07, Tècnica de Sistemes Cal Peles <tech at tscp dot info> wrote:
>
> More simply. Define the only needed ports for your lan on M0N0 and deny all
> others. It's the first rule for any firewall, and an essential security
> policy.
>
> Best regards
>
> ______________________________________________
> Jan Arbona
> Tècnica de Sistemes Cal Peles
> Camí Vell de l'Església 41, Sispony AD400
> www.tscp.info
>
> -----Original Message-----
> From: Alex M [mailto:radiussupport at lrcommunications dot net]
> Sent: Friday, January 26, 2007 19:52
> To: Monowall Support List
> Subject: RE: [m0n0wall] Killing all P2P traffic? How?
>
> Ok I got the idea,
> I like censornet but then I need extra boxes for each setup, so I guess I
> would explore squid and log analysis and will link it to radius
>
> -----Original Message-----
> From: Alex M [mailto:radiussupport at lrcommunications dot net]
> Sent: Thursday, January 25, 2007 9:24 PM
> To: 'Wilson, Ron'; Monowall Support List
> Subject: RE: [m0n0wall] Killing all P2P traffic? How?
>
> Ok so Manuel gonna kick me out of here soon for my ideas, lol. Well if mono
> should not look at layer 3, 4 packets, can we add user based port management
> for CP? This shouldn't be that hard I think...
>
> -----Original Message-----
> From: Wilson, Ron [mailto:rwilson at mpr dot com]
> Sent: Thursday, January 25, 2007 9:14 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Killing all P2P traffic? How?
>
> FYI I doubt monowall will ever be good at managing traffic the way you
> want. This is a good read in that regard:
>
> http://doc.m0n0.ch/handbook/intro.html
> http://doc.m0n0.ch/handbook/intro-not.html
>
> Specifically, mono will likely never inspect packets at layers other
> than 3 and 4.
>
> I'm not sure, but maybe PFSense will do what you need once it's stable?
>
> Ron Wilson, Senior Engineer, MPR Associates, 518.831.7546
>
> -----Original Message-----
> From: Alex M [mailto:radiussupport at lrcommunications dot net]
> Sent: Thursday, January 25, 2007 8:42 PM
> To: 'Mark Ryan'; Monowall Support List
> Subject: RE: [m0n0wall] Killing all P2P traffic? How?
>
> Ok how can I limit speed?
>
> Well I think my wish would be something like this: identify "crazy"
> downloaders, send them a letter saying that because we do not allow P2P
> traffic on our net and because you abuse it too much we will lower your P2P
> speeds, and if you still want to use P2P then you can subscribe to P2P package
> or something, in this way I would get $$$ for my lines overload + will
> separate those who clearly could get in trouble with legal thingies.
>
> Nevertheless I want to completely remove eDonkey and KaZaA from my net
> because those networks were marked as illegal in courts so I don't want any
> of that traffic whatsoever on my net. And I can try to contribute on
> building something that would be able to recognize and kill packets from
> appropriate protocol.
>
> As to BitTorrent net that's I guess the only one that I can't touch because
> it is now used by Amazon and UbiSoft to do legal movie and game sales.
>
> -----Original Message-----
> From: Mark Ryan [mailto:markryan at cfl dot rr dot com]
> Sent: Thursday, January 25, 2007 7:47 PM
> To: Alex M
> Cc: Monowall Support List
> Subject: Re: [m0n0wall] Killing all P2P traffic? How?
>
> Alex M wrote:
> > As to user education, well that would work in corp environment but in our
> > residential setup it's kinda hard to tell HS kids not to download movies
> >
> > Or maybe u got some good persuasive methods?
> >
> >
> > -----Original Message-----
> > From: Chris Bagnall [mailto:m0n0wall at minotaur dot cc]
> > Sent: Thursday, January 25, 2007 7:07 PM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] Killing all P2P traffic? How?
> >
> >
> >> I decided that our users do toooooo much illegal downloading (at
> >> least that's what I think, ppl can't just download 4.8Gb each day, and
> >> that # seems to be equal to the size of 1 DVD)
> >> Appreciate your suggestions!
> >>
> >
> > I must say I think user education is probably the best route here. Port
> > blocking approaches will only be partially successful as more and more P2P
> > applications these days are using random ports.
> >
> > Regards,
> >
> > Chris
> >
> Instead of stopping it altogether, why not try to control it better.
> You could classify all legitimate traffic (80, small packets, ACKs,
> email, etc) as high priority....and then limit the rest to a much slower
> limit. They will get frustrated with slow p2p and hopefully quit using
> it.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>

-- 
-------------------------------
I don't want to believe, I want to know.