 From:  SDamron <sdamron at gmail dot com>
 To:  tech at tscp dot info
 Cc:  "Alex M" <radiussupport at lrcommunications dot net>, "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Killing all P2P traffic? How?
 Date:  Fri, 26 Jan 2007 14:23:32 -0600
Yes, well, there is always that :o)


> More simply. Define the only needed ports for your lan on M0N0 and deny all
> other. It's the first rule for any firewall, and an essential security
> policy.
>
> Best regards
>
> ______________________________________________
> Jan Arbona
> www.tscp.info
>
> -----Original Message-----
> From: Alex M [mailto:radiussupport at lrcommunications dot net]
> Sent: Friday, January 26, 2007 19:52
> To: Monowall Support List
> Subject: RE: [m0n0wall] Killing all P2P traffic? How?
>
> Ok I got the idea,
> I like censornet but then I need extra boxes for each setup, so I guess I
> would explore squid and log analysis and will link it to radius
>
> -----Original Message-----
> From: Alex M [mailto:radiussupport at lrcommunications dot net]
> Sent: Thursday, January 25, 2007 9:24 PM
> To: 'Wilson, Ron'; Monowall Support List
> Subject: RE: [m0n0wall] Killing all P2P traffic? How?
>
> Ok so Manuel gonna kick me out of here soon for my ideas, lol. Well if mono
> should not look at layer 3, 4 packets, can we add user based port management
> for CP? This shouldn't be that hard I think...
>
>
>
>
> -----Original Message-----
> From: Wilson, Ron [mailto:rwilson at mpr dot com]
> Sent: Thursday, January 25, 2007 9:14 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Killing all P2P traffic? How?
>
> FYI I doubt monowall will ever be good at managing traffic the way you
> want.  This is a good read in that regard:
>
> http://doc.m0n0.ch/handbook/intro.html
> http://doc.m0n0.ch/handbook/intro-not.html
>
> Specifically, mono will likely never inspect packets at layers other
> than 3 and 4.
>
> I'm not sure, but maybe PFSense will do what you need once it's stable?
>
> Ron Wilson, Senior Engineer, MPR Associates, 518.831.7546
>
> -----Original Message-----
> From: Alex M [mailto:radiussupport at lrcommunications dot net]
> Sent: Thursday, January 25, 2007 8:42 PM
> To: 'Mark Ryan'; Monowall Support List
> Subject: RE: [m0n0wall] Killing all P2P traffic? How?
>
> Ok how can I limit speed?
>
> Well I think my wish would be something like this: identify "crazy"
> downloaders, send them letter saying that because we do not allow P2P
> traffic on our net and because you abuse it too much we will lower your P2P
> speeds, and if you still want to use P2P then you can subscribe to P2P package
> or something, in this way I would get $$$ for my lines overload + will
> separate those who clearly could get in trouble with legal thingies.
>
> Nevertheless I want completely remove eDonkey and KaZaA from my net
> because those networks were marked as illegal in courts so I don't want any
> of that traffic whatsoever on my net. And I can try to contribute on
> building something that would be able to recognize and kill packets from
> appropriate protocol.
>
> As to BitTorrent net that's I guess the only one that I can't touch because
> it is now used by Amazon and UbiSoft to do legal movie and game sales.
>
>
>
>
> -----Original Message-----
> From: Mark Ryan [mailto:markryan at cfl dot rr dot com]
> Sent: Thursday, January 25, 2007 7:47 PM
> To: Alex M
> Cc: Monowall Support List
> Subject: Re: [m0n0wall] Killing all P2P traffic? How?
>
> Alex M wrote:
> > As to user education, well that would work in corp environment but in our
> > residential setup it's kinda hard to tell HS kids not to download movies
> >
> > Or maybe u got some good persuasive methods?
> >
> >
> > -----Original Message-----
> > From: Chris Bagnall [mailto:m0n0wall at minotaur dot cc]
> > Sent: Thursday, January 25, 2007 7:07 PM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] Killing all P2P traffic? How?
> >
> >
> >> I decided that our users do toooooo much illegal downloading (at
> >> least that's what I think, ppl can't just download 4.8Gb each day, and
> >> that # seems to be equal to the size of 1 DVD)
> >> Appreciate your suggestions!
> >>
> >
> > I must say I think user education is probably the best route here. Port
> > blocking approaches will only be partially successful as more and more P2P
> > applications these days are using random ports.
> >
> > Regards,
> >
> > Chris
> >
> Instead of stopping it altogether, why not try to control it better?
> You could classify all legitimate traffic (80, small packets, ACKs,
> email, etc) as high priority....and then limit the rest to a much slower
> limit.  They will get frustrated with slow p2p and hopefully quit using
> it.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>


-- 
-------------------------------
I don't want to believe, I want to know.
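
The default-deny approach quoted in this thread ("define the only needed ports ... and deny all other"), as an added example that is not part of the original messages and is not m0n0wall configuration: a first-match allowlist evaluated over constructed flows. The LAN range, the rule set and the sample flows are assumptions; since only protocol, address and port are examined (layers 3 and 4), a flow on an allowed port passes whatever application produced it.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str    # "pass" or "block"
    proto: str     # "tcp", "udp" or "any"
    src: str       # source network in CIDR form
    ports: tuple   # inclusive (low, high) destination port range
    note: str      # label reported when the rule decides a flow

# Constructed policy: the services this hypothetical LAN needs, nothing else.
LAN = "192.168.1.0/24"
RULES = [
    Rule("pass", "udp", LAN, (53, 53), "DNS"),
    Rule("pass", "tcp", LAN, (80, 80), "HTTP"),
    Rule("pass", "tcp", LAN, (443, 443), "HTTPS"),
    Rule("pass", "tcp", LAN, (25, 25), "SMTP"),
    Rule("pass", "tcp", LAN, (110, 110), "POP3"),
]

def evaluate(proto, src_ip, dst_port, rules=RULES):
    """First matching rule wins; a flow that matches none is denied."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if src not in ipaddress.ip_network(r.src):
            continue
        if r.ports[0] <= dst_port <= r.ports[1]:
            return r.action, r.note
    return "block", "default deny"

# Constructed sample flows: (protocol, LAN source, destination port).
SAMPLE = [
    ("tcp", "192.168.1.20", 443),    # web browsing
    ("udp", "192.168.1.20", 53),     # DNS lookup
    ("tcp", "192.168.1.31", 40123),  # high port, not on the allowlist
    ("udp", "192.168.1.31", 51413),  # random high UDP port
    ("tcp", "192.168.1.31", 80),     # allowed port: passes whatever the payload
    ("tcp", "10.0.0.5", 80),         # source outside the LAN network
]

def blocked(flows):
    """Return the flows that the policy drops."""
    return [f for f in flows if evaluate(*f)[0] == "block"]

for flow in SAMPLE:
    print(flow, "->", evaluate(*flow))
```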