[Dshield] Enquiry about strange network usage by user

Michael Thompson mike at thompsonmike.co.uk
Mon Oct 10 03:26:52 GMT 2005


On Saturday 08 October 2005 08:51, Chris Ramsden wrote:
> Michael Thompson wrote:
> > I have banned a user from using all P2P software, and put in place a
> > block on the firewall to prevent it being used.
>
> What makes you think the user won't switch to a different port? Many
> BitTorrent clients allow the user to specify which ports/ranges are
> used, for both tracking and data. Both TCP and UDP can be used. I doubt
> you can stop this user without using DPI.

I use streing matching in IPTables to detect P2P usage not port details..

-- 
Mike

To see the world in a grain of sand,
and to see heaven in a wild flower,
hold infinity in the palm of your hands,
and eternity in an hour.

GnuGPG KeyID:=FC0D8D9A
http://www.thompsonmike.co.uk

I don't need to outrun the bear, just the guy next to me...


More information about the list mailing list