[Dshield] Enquiry about strange network usage by user

Michael Thompson mike at thompsonmike.co.uk
Mon Oct 10 03:26:52 GMT 2005

On Saturday 08 October 2005 08:51, Chris Ramsden wrote:
> Michael Thompson wrote:
> > I have banned a user from using all P2P software, and put in place a
> > block on the firewall to prevent it being used.
> What makes you think the user won't switch to a different port? Many
> BitTorrent clients allow the user to specify which ports/ranges are
> used, for both tracking and data. Both TCP and UDP can be used. I doubt
> you can stop this user without using DPI.

I use streing matching in IPTables to detect P2P usage not port details..


To see the world in a grain of sand,
and to see heaven in a wild flower,
hold infinity in the palm of your hands,
and eternity in an hour.


I don't need to outrun the bear, just the guy next to me...

More information about the list mailing list