[Dshield] Enquiry about strange network usage by user
mike at thompsonmike.co.uk
Mon Oct 10 03:26:52 GMT 2005
On Saturday 08 October 2005 08:51, Chris Ramsden wrote:
> Michael Thompson wrote:
> > I have banned a user from using all P2P software, and put in place a
> > block on the firewall to prevent it being used.
> What makes you think the user won't switch to a different port? Many
> BitTorrent clients allow the user to specify which ports/ranges are
> used, for both tracking and data. Both TCP and UDP can be used. I doubt
> you can stop this user without using DPI.
I use streing matching in IPTables to detect P2P usage not port details..
To see the world in a grain of sand,
and to see heaven in a wild flower,
hold infinity in the palm of your hands,
and eternity in an hour.
I don't need to outrun the bear, just the guy next to me...
More information about the list