blocking peer-to-peer filesharing programs
andy at tigerteam.net
Mon Dec 10 20:15:39 UTC 2001
On Mon, 10 Dec 2001 dani-post at roisman.com wrote:
> I realize this may be a touchy subject. For legal purposes I'll state that I'm making these inquiries as an academic exercise, as well as to enable me to block peer-to-peer programs on my own personal home network. The last thing I'd want to do is rob anyone of their free speech or "rights" to distribute illegal copies of copyrighted material.
> Anyway... I'm interested in developing and studying comprehensive firewall and content-filtering techniques for disabling peer-to-peer filesharing applications (e.g. those using gnutella, fasttrack, other napster-style directory and download engines or stacks). If anyone knows of a mailing list / user group that has similar interests, or if you have similar interests, please email me off-list.
Since ports and apps are always changing, you would probably have to use a
mixture of ports and layer-7 information. Perhaps using some sort of
content switch or finding people who do is the answer.
For your "home network", may I suggest that you just turn off all the
ports, except for the obvious ones, and then be available to field
complaints (from your children presumably) for other application specific
ports that are justifiable for your network. I think you will find the
list of "legitimate" ports to be much shorter than the alternative.
PGP Key Available at http://www.tigerteam.net/andy/pgp
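
The mix of port filtering and layer-7 matching suggested in the reply above, sketched as an added example that is not part of the original message. The allowlisted ports, the function names and the sample flows are assumptions constructed for illustration; the signatures are the Gnutella connect handshake and the X-Kazaa header prefix used by FastTrack clients.

```python
import re

# Assumption: the "obvious" ports for a home network (SMTP, DNS, HTTP, POP3, HTTPS).
ALLOWED_PORTS = {25, 53, 80, 110, 443}

# Layer-7 signatures, matched against the first bytes of a TCP stream.
L7_SIGNATURES = [
    # Gnutella peers open a connection with "GNUTELLA CONNECT/<version>".
    ("gnutella", re.compile(rb"^GNUTELLA CONNECT/\d+\.\d+")),
    # Gnutella file requests are HTTP GETs on /get/<index>/ or /uri-res/N2R?.
    ("gnutella", re.compile(rb"^GET /(get/\d+/|uri-res/N2R\?)")),
    # FastTrack (Kazaa) transfers are HTTP requests carrying X-Kazaa-* headers.
    ("fasttrack", re.compile(rb"^X-Kazaa-[A-Za-z]+:", re.I | re.M)),
]

def classify(dst_port, payload):
    """Return (verdict, reason) for a flow's destination port and first payload bytes."""
    head = payload[:512]
    # Content check first: it still fires when a client moves to an allowed port.
    for name, pattern in L7_SIGNATURES:
        if pattern.search(head):
            return ("block", "l7:" + name)
    # Default deny: anything not on the short allowlist is dropped.
    if dst_port not in ALLOWED_PORTS:
        return ("block", "port:%d not allowlisted" % dst_port)
    return ("allow", "port:%d" % dst_port)

# Constructed sample flows: (destination port, first payload bytes).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    (6346, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: example\r\n\r\n"),
    (80, b"GNUTELLA CONNECT/0.4\n\n"),
    (80, b"GET /file HTTP/1.1\r\nX-Kazaa-Username: user\r\n\r\n"),
    (31337, b"\x00\x01\x02"),
]

def run(flows=SAMPLE_FLOWS):
    """Classify every sample flow and return the list of verdicts."""
    return [classify(port, data) for port, data in flows]

if __name__ == "__main__":
    for (port, _), result in zip(SAMPLE_FLOWS, run()):
        print(port, result)
```

The third and fourth flows show why ports alone are not enough: both ride on port 80 and are only caught by the content match.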