Solved

Is there a way to block all P2P streams?

Posted on 2011-09-27
17
900 Views
Last Modified: 2012-05-12
Is there a way to block P2P streams like PPTv PPLive etc.

I heard that some are implementing port jumping and thus unable to block.

In what ways can they be blocked then?
0
Comment
Question by:humansg
  • 7
  • 5
  • 2
  • +3
17 Comments
 
LVL 17

Assisted Solution

by:Garry-G
Garry-G earned 150 total points
ID: 36714876
It is possible within certain limits, but require so-called deep packet inspection ... on Cisco routers e.g., you could use NBAR (Network-based application recognition). Please note that this will burn some extra CPU cycles, so make sure your router is up to the task.
Some Firewalls will also allow you to block applications based on the application data itself, not the ports used ...
If you could state what kind of network hardware you have available, or what the requirements (bandwidth, ports, etc.) you have, I reckon you could get some recommendations ...
0
 
LVL 6

Expert Comment

by:Reubenwelsh
ID: 36714945
What kind of network is this in? Weve never had issues with this, but then we have all ports blocked and only open up the ones needed to run.

People can use P2P software on port 80, but it will be so slow people wont bother.
0
 
LVL 16

Assisted Solution

by:Syed_M_Usman
Syed_M_Usman earned 50 total points
ID: 36715833
YES
infact very easy, but you have to have a good fiirewall.
now a days many firewalls comes with Built in Application firewalls and you can simply block P2P or streaming using default application policy (refer to attached)
application-firewall.png
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:humansg
ID: 36716663
Garry-G/Reubenwelsh

It is just an illustration. I want to know what are the ways to detect P2P streams and to block it.
I know that blocking ports is one way to do so, however as some application have dynamic ports assigned, it will not be possible to block off all ports as it will disable other non-P2P application from running.

It will be great if someone can explain what Syed_M_Usman has posted. How this network application actually detect P2P packets and denying them.
0
 

Author Comment

by:humansg
ID: 36716665
Probably for some knowledge.
0
 
LVL 9

Accepted Solution

by:
Ashok Dewan earned 250 total points
ID: 36716740
You have to configure firewall as per your need. Download comodo firewall its free.  In this firewall by default it will always ask you for every application to go for internet or not. if you will apply "not" then it will create the rule in its database as not allowed this application. But another option is their which is CUSTOM POLICY in this remove all pre-configured rules then make you own rules step by step. To surf internet with firefox create rule in NETWORK POLICY that allow firefox for port 80 and 443 and also allow svchost for DNS 53 port and at bottom , create rule block all traffic for every application by this way it will block every application. if you want to allow any application to go internet then make rule for it above "block all traffic" rule.this firewall check all rules from top to bottom if any allow rules is there for any particular application then it will allow that application otherwise no application connect to internet by this way you can see log to determine which application is trying go for internet which has been block already.
0
 
LVL 9

Assisted Solution

by:Ashok Dewan
Ashok Dewan earned 250 total points
ID: 36716778
SEE my rules i have made in ZONEALARM firewall. I allowed those ports which i want otherwise not any application can connect to other ports. in ZONE alarm firewall you can also make same this rule for any other application in program control to secure more. FIREWALL RULES FIREWALL RULES FIREWALL RULES
0
 
LVL 6

Expert Comment

by:Reubenwelsh
ID: 36716785
Sorry for adding a question, but how does a good firewall see that its P2P trafic if your doing it all via SSL?
0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 36716788
I am very sorry same file , i have attached multiple times by mistake.
0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 36716795
It will tell you in logs or get SAX 2 IPS software to make more security. its also awesome software to prevent any unknown connection
0
 

Assisted Solution

by:kostis007
kostis007 earned 50 total points
ID: 36716872
P2P are changing ports sometimes automatically, (depending on the software) and its difficult to block them using port numbers. You just get crazy .

I 'd agree to get some IPS software (or hardware if professional use) and block it in application level. Success in that case is 100%. I 've also seen some antiviruses/firewall that can block certain applications with rules etc, but only in every single pc (not massively).

0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 36716873
If you want to know that your P2P connection from your pc is encrypted(SSL) or not. then Download WIRESHARK and start packet capturing from your pc. then try to see every packet. In encrypted(SSL) packet you can not see any text(words).whatever you see in encrypted packet will be non readable its same as raw data. and on the other hand if you see in non-encrypted(not ssl) packet  probably you will  see some text or words in datagram.
0
 

Author Comment

by:humansg
ID: 36717632
neil40m:
I've seen your screenshots.
What if I want it to be done at the network layer instead of individual PC?

I want to know information about how this is done on ISP level. Like how school can block off P2P streams.

eubenwelsh:
Probably those application like PPStream ain't on SSL. I just need simple thing on unencrypted version.

kostis007:
How would this be done in the application level? I want to know how the application works like how it see the packets as and then determine it as P2P stream.
0
 

Author Closing Comment

by:humansg
ID: 36934912
I found this article which is quite useful in understanding.

Very similar to what you guys have mentioned but in details!

http://www.symantec.com/connect/articles/identifying-p2p-users-using-traffic-analysis

Thanks for all your efforts! I have rewarded points accordingly.
0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 36934972
try Kerio winroute firewall for 30 days. its free trial for 30 days. it install on the gateway or on proxy server to to monitor or block traffic. its good
0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 36934976
This Kerio is awesome but also expensive. you can block and monitor all traffic p2p.
0
 

Author Comment

by:humansg
ID: 36937742
Thank you neil for your effort although I only wanted to know technically how applications do it!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question