  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 970

Is there a way to block all P2P streams?

Is there a way to block P2P streams like PPTv, PPLive, etc.?

I heard that some are implementing port jumping and thus are unable to be blocked.

In what ways can they be blocked then?
0
humansg
5 Solutions
 
Garry Glendown, Consulting and Network/Security Specialist, Commented:
It is possible within certain limits, but requires so-called deep packet inspection ... on Cisco routers, e.g., you could use NBAR (Network-Based Application Recognition). Please note that this will burn some extra CPU cycles, so make sure your router is up to the task.
Some firewalls will also allow you to block applications based on the application data itself, not the ports used ...
If you could state what kind of network hardware you have available, or what requirements (bandwidth, ports, etc.) you have, I reckon you could get some recommendations ...
0
 
Reubenwelsh Commented:
What kind of network is this in? We've never had issues with this, but then we have all ports blocked and only open up the ones needed to run.

People can use P2P software on port 80, but it will be so slow people won't bother.
0
 
Syed_M_Usman, System Administrator, Commented:
YES
In fact very easy, but you have to have a good firewall.
Nowadays many firewalls come with built-in application firewalls and you can simply block P2P or streaming using the default application policy (refer to attached).
application-firewall.png
0
 
humansg, Author, Commented:
Garry-G/Reubenwelsh

It is just an illustration. I want to know what the ways are to detect P2P streams and to block them.
I know that blocking ports is one way to do so; however, as some applications have dynamic ports assigned, it will not be possible to block off all ports as it will disable other non-P2P applications from running.

It would be great if someone could explain what Syed_M_Usman has posted. How does this network application actually detect P2P packets and deny them?
0
 
humansg, Author, Commented:
Probably for some knowledge.
0
 
Ashok Dewan, Freelancer, Commented:
You have to configure the firewall as per your need. Download Comodo firewall, it's free. By default this firewall will always ask you, for every application, whether it may go to the internet or not. If you answer "not", it will create a rule in its database that does not allow this application. But there is another option, CUSTOM POLICY: in this, remove all pre-configured rules, then make your own rules step by step. To surf the internet with Firefox, create a rule in NETWORK POLICY that allows Firefox for ports 80 and 443, and also allow svchost for DNS port 53, and at the bottom create a rule to block all traffic for every application. This way it will block every application. If you want to allow any application to go to the internet, then make a rule for it above the "block all traffic" rule. This firewall checks all rules from top to bottom: if there is an allow rule for a particular application, it will allow that application; otherwise no application connects to the internet. This way you can see the log to determine which application that has already been blocked is trying to go to the internet.
0
 
Ashok Dewan, Freelancer, Commented:
SEE my rules I have made in the ZONEALARM firewall. I allowed those ports which I want; otherwise no application can connect to other ports. In the ZONEALARM firewall you can also make this same rule for any other application in program control to secure it more. FIREWALL RULES FIREWALL RULES FIREWALL RULES
0
 
Reubenwelsh Commented:
Sorry for adding a question, but how does a good firewall see that it's P2P traffic if you're doing it all via SSL?
0
 
Ashok Dewan, Freelancer, Commented:
I am very sorry, I have attached the same file multiple times by mistake.
0
 
Ashok Dewan, Freelancer, Commented:
It will tell you in the logs, or get SAX 2 IPS software for more security. It's also awesome software to prevent any unknown connection.
0
 
kostis007 Commented:
P2P applications sometimes change ports automatically (depending on the software) and it's difficult to block them using port numbers. You just get crazy.

I'd agree to get some IPS software (or hardware if professional use) and block it at the application level. Success in that case is 100%. I've also seen some antiviruses/firewalls that can block certain applications with rules etc., but only on every single PC (not massively).

0
 
Ashok Dewan, Freelancer, Commented:
If you want to know whether the P2P connection from your PC is encrypted (SSL) or not, then download WIRESHARK and start packet capturing from your PC. Then try to look at every packet. In an encrypted (SSL) packet you cannot see any text (words); whatever you see in an encrypted packet will be non-readable, the same as raw data. On the other hand, in a non-encrypted (not SSL) packet you will probably see some text or words in the datagram.
0
 
humansg, Author, Commented:
neil40m:
I've seen your screenshots.
What if I want it to be done at the network layer instead of on an individual PC?

I want to know information about how this is done at ISP level. Like how a school can block off P2P streams.

Reubenwelsh:
Probably those applications like PPStream ain't on SSL. I just need a simple thing on the unencrypted version.

kostis007:
How would this be done at the application level? I want to know how the application works, like how it sees the packets and then determines it as a P2P stream.
0
 
humansg, Author, Commented:
I found this article which is quite useful in understanding.

Very similar to what you guys have mentioned but in detail!

http://www.symantec.com/connect/articles/identifying-p2p-users-using-traffic-analysis

Thanks for all your efforts! I have rewarded points accordingly.
0
 
Ashok Dewan, Freelancer, Commented:
Try Kerio WinRoute Firewall for 30 days. It's a free trial for 30 days. It installs on the gateway or on a proxy server to monitor or block traffic. It's good.
0
 
Ashok Dewan, Freelancer, Commented:
This Kerio is awesome but also expensive. You can block and monitor all P2P traffic.
0
 
humansg, Author, Commented:
Thank you neil for your effort although I only wanted to know technically how applications do it!
0
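The application-level matching the thread refers to (deep packet inspection, "application data itself, not the ports used"), as an added example that is not part of any post above: it labels a flow from the first bytes of its payload and falls back to the readable-text check described for Wireshark. The signatures are publicly known protocol preambles; the policy table, function names and sample payloads are constructed for illustration.

```python
# Added illustration: port-independent flow classification by payload signature.
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}

# (label, matcher) pairs, checked in order against the first payload of a flow.
SIGNATURES = [
    # BitTorrent handshake: length byte 19 followed by the protocol string.
    ("bittorrent", lambda p: p[:20] == b"\x13BitTorrent protocol"),
    # Gnutella 0.6 connection request line.
    ("gnutella", lambda p: p.startswith(b"GNUTELLA CONNECT/")),
    # TLS record header: content type 20-23, major version 3, minor 0-4.
    ("tls", lambda p: len(p) >= 3 and 0x14 <= p[0] <= 0x17
                      and p[1] == 0x03 and p[2] <= 0x04),
    ("http", lambda p: p.split(b" ", 1)[0] in HTTP_METHODS),
]

# Hypothetical policy: block by application label, never by port number.
POLICY = {"bittorrent": "block", "gnutella": "block"}


def printable_ratio(payload: bytes) -> float:
    """Fraction of bytes that are readable ASCII (the 'can you see words' test)."""
    if not payload:
        return 0.0
    readable = sum(1 for b in payload if 0x20 <= b <= 0x7E or b in (9, 10, 13))
    return readable / len(payload)


def classify(payload: bytes) -> str:
    for label, matches in SIGNATURES:
        if matches(payload):
            return label
    # No signature: report only whether the bytes look like text or opaque data.
    return "unknown-text" if printable_ratio(payload) >= 0.8 else "unknown-binary"


def decide(dst_port: int, payload: bytes):
    """Return (label, action); dst_port is deliberately unused in the decision."""
    label = classify(payload)
    return label, POLICY.get(label, "allow")


# Constructed sample payloads (not captured traffic).
BT_ON_PORT_80 = b"\x13BitTorrent protocol" + bytes(8) + bytes(range(20)) + b"-XX0000-" + bytes(12)
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2E]) + bytes(range(200, 246))

if __name__ == "__main__":
    for port, data in [(80, BT_ON_PORT_80), (80, HTTP_GET), (443, TLS_HELLO)]:
        print(port, decide(port, data))
```

A P2P client tunnelled inside SSL/TLS is labelled only as `tls` here, because the signature inside the encrypted payload is not visible to the matcher.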
