Solved

Is there a way to block all P2P streams?

Posted on 2011-09-27
Last Modified: 2012-05-12
Is there a way to block P2P streams like PPTV, PPLive, etc.?

I heard that some are implementing port jumping and are thus impossible to block.

In what ways can they be blocked then?
Question by:humansg
17 Comments
 
LVL 18

Assisted Solution

by:Garry Glendown
Garry Glendown earned 150 total points
ID: 36714876
It is possible within certain limits, but requires so-called deep packet inspection ... on Cisco routers, e.g., you could use NBAR (Network-Based Application Recognition). Please note that this will burn some extra CPU cycles, so make sure your router is up to the task.
Some firewalls will also allow you to block applications based on the application data itself, not the ports used ...
If you could state what kind of network hardware you have available, or what requirements (bandwidth, ports, etc.) you have, I reckon you could get some recommendations ...
0
 
LVL 6

Expert Comment

by:Reubenwelsh
ID: 36714945
What kind of network is this in? We've never had issues with this, but then we have all ports blocked and only open up the ones needed to run.

People can use P2P software on port 80, but it will be so slow people won't bother.
0
 
LVL 16

Assisted Solution

by:Syed_M_Usman
Syed_M_Usman earned 50 total points
ID: 36715833
YES
In fact very easy, but you have to have a good firewall.
Nowadays many firewalls come with built-in application firewalls, and you can simply block P2P or streaming using the default application policy (refer to attached).
application-firewall.png
0
 

Author Comment

by:humansg
ID: 36716663
Garry-G/Reubenwelsh

It is just an illustration. I want to know what the ways are to detect P2P streams and to block them.
I know that blocking ports is one way to do so; however, as some applications have dynamic ports assigned, it will not be possible to block off all ports, as it will disable other non-P2P applications from running.

It will be great if someone can explain what Syed_M_Usman has posted: how this network application actually detects P2P packets and denies them.
0
 

Author Comment

by:humansg
ID: 36716665
Probably for some knowledge.
0
 
LVL 9

Accepted Solution

by:Ashok Dewan
Ashok Dewan earned 250 total points
ID: 36716740
You have to configure the firewall as per your need. Download Comodo firewall; it's free. By default, this firewall will always ask you, for every application, whether it may go to the internet or not. If you answer "not", it will create a rule in its database that this application is not allowed. But there is another option, CUSTOM POLICY: in this, remove all pre-configured rules, then make your own rules step by step. To surf the internet with Firefox, create a rule in NETWORK POLICY that allows Firefox for ports 80 and 443, and also allow svchost for DNS port 53, and at the bottom create a rule to block all traffic for every application; this way it will block every application. If you want to allow any application to go to the internet, then make a rule for it above the "block all traffic" rule. This firewall checks all rules from top to bottom: if an allow rule is there for a particular application, it will allow that application; otherwise no application connects to the internet. This way you can see the log to determine which application is trying to go to the internet and has already been blocked.
0
 
LVL 9

Assisted Solution

by:Ashok Dewan
Ashok Dewan earned 250 total points
ID: 36716778
See the rules I have made in the ZoneAlarm firewall. I allowed those ports which I want; otherwise no application can connect to other ports. In the ZoneAlarm firewall you can also make this same rule for any other application in program control, to secure more.
FIREWALL RULES
0
 
LVL 6

Expert Comment

by:Reubenwelsh
ID: 36716785
Sorry for adding a question, but how does a good firewall see that it's P2P traffic if you're doing it all via SSL?
0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 36716788
I am very sorry, I have attached the same file multiple times by mistake.
0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 36716795
It will tell you in the logs, or get SAX 2 IPS software for more security. It's also awesome software to prevent any unknown connection.
0
 

Assisted Solution

by:kostis007
kostis007 earned 50 total points
ID: 36716872
P2P are changing ports sometimes automatically (depending on the software), and it's difficult to block them using port numbers. You just get crazy.

I'd agree to get some IPS software (or hardware if professional use) and block it at the application level. Success in that case is 100%. I've also seen some antiviruses/firewalls that can block certain applications with rules etc., but only on every single PC (not massively).

0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 36716873
If you want to know whether the P2P connection from your PC is encrypted (SSL) or not, then download Wireshark and start capturing packets from your PC. Then look at every packet. In an encrypted (SSL) packet you cannot see any text (words); whatever you see in an encrypted packet will be unreadable, the same as raw data. On the other hand, in a non-encrypted (not SSL) packet you will probably see some text or words in the datagram.
0
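The approach described in the answers above (deciding on the application data rather than the port, and the readable-versus-unreadable payload observation), as an added example that is not part of any poster's reply. The page gives no payload signatures for PPTV or PPLive, so this sketch assumes the well-known BitTorrent peer handshake as the sample signature; `ALLOWED_PORTS`, the 7.0 entropy threshold and all sample payloads are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Well-known fact: a BitTorrent peer handshake begins with byte 19 followed
# by the ASCII string "BitTorrent protocol", whatever port is in use.
SIGNATURES = {"bittorrent": b"\x13BitTorrent protocol"}
ALLOWED_PORTS = {80, 443}  # hypothetical port-only policy

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (near 8.0 for ciphertext)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(payload: bytes) -> str:
    """Label a flow from its first payload bytes, ignoring port numbers."""
    for name, sig in SIGNATURES.items():
        if payload.startswith(sig):
            return name
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        return "http"
    # No readable structure and near-random bytes: the content cannot be
    # matched, which is the limit raised in the SSL question above.
    if len(payload) >= 512 and entropy(payload) > 7.0:
        return "opaque"
    return "unknown"

def decide(dst_port: int, payload: bytes) -> tuple:
    """Return (port-only verdict, payload-based verdict) for one flow."""
    by_port = "allow" if dst_port in ALLOWED_PORTS else "block"
    by_payload = "block" if classify(payload) == "bittorrent" else "allow"
    return by_port, by_payload

# Constructed sample payloads (not captured traffic).
HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + bytes(20) + b"-XX0000-000000000000"
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
# Stand-in for ciphertext: 1024 pseudo-random bytes from chained SHA-256 digests.
CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))

if __name__ == "__main__":
    for port, data in [(80, HANDSHAKE), (51413, HANDSHAKE), (80, HTTP_GET), (443, CIPHERTEXT)]:
        print(port, classify(data), decide(port, data))
```

The handshake sent to port 80 passes the port-only policy but is caught by the payload match, while the high-entropy flow on 443 is labelled only as opaque because there is nothing readable to match.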
 

Author Comment

by:humansg
ID: 36717632
neil40m:
I've seen your screenshots.
What if I want it to be done at the network layer instead of on individual PCs?

I want to know information about how this is done at ISP level, like how a school can block off P2P streams.

Reubenwelsh:
Probably those applications like PPStream ain't on SSL. I just need a simple thing on the unencrypted version.

kostis007:
How would this be done at the application level? I want to know how the application works, like how it sees the packets and then determines it as a P2P stream.
0
 

Author Closing Comment

by:humansg
ID: 36934912
I found this article which is quite useful in understanding.

Very similar to what you guys have mentioned but in detail!

http://www.symantec.com/connect/articles/identifying-p2p-users-using-traffic-analysis

Thanks for all your efforts! I have rewarded points accordingly.
0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 36934972
Try Kerio WinRoute Firewall for 30 days. It's a free trial for 30 days. It installs on the gateway or on a proxy server to monitor or block traffic. It's good.
0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 36934976
This Kerio is awesome but also expensive. You can block and monitor all P2P traffic.
0
 

Author Comment

by:humansg
ID: 36937742
Thank you neil for your effort although I only wanted to know technically how applications do it!
0
