Solved

Is there a way to block all P2P streams?

Posted on 2011-09-27
Last Modified: 2012-05-12
Is there a way to block P2P streams like PPTV, PPLive, etc.?

I heard that some are implementing port jumping and thus cannot be blocked.

In what ways can they be blocked then?
Question by:humansg
17 Comments
 
LVL 17

Assisted Solution

by:Garry-G
Garry-G earned 150 total points
It is possible within certain limits, but requires so-called deep packet inspection ... On Cisco routers, e.g., you could use NBAR (Network-Based Application Recognition). Please note that this will burn some extra CPU cycles, so make sure your router is up to the task.
Some firewalls will also allow you to block applications based on the application data itself, not the ports used ...
If you could state what kind of network hardware you have available, or what requirements (bandwidth, ports, etc.) you have, I reckon you could get some recommendations ...
0
 
LVL 6

Expert Comment

by:Reubenwelsh
What kind of network is this in? We've never had issues with this, but then we have all ports blocked and only open up the ones needed to run.

People can use P2P software on port 80, but it will be so slow people won't bother.
0
 
LVL 16

Assisted Solution

by:Syed_M_Usman
Syed_M_Usman earned 50 total points
Yes, in fact very easy, but you have to have a good firewall.
Nowadays many firewalls come with built-in application firewalls, and you can simply block P2P or streaming using the default application policy (refer to attached).
application-firewall.png
0
 

Author Comment

by:humansg
Garry-G/Reubenwelsh

It is just an illustration. I want to know what the ways are to detect P2P streams and to block them.
I know that blocking ports is one way to do so; however, as some applications have dynamic ports assigned, it will not be possible to block off all ports, as that will prevent other non-P2P applications from running.

It would be great if someone could explain what Syed_M_Usman has posted: how does this network application actually detect P2P packets and deny them?
0
 

Author Comment

by:humansg
Probably for some knowledge.
0
 
LVL 9

Accepted Solution

by:Ashok Dewan
Ashok Dewan earned 250 total points
You have to configure the firewall as per your need. Download Comodo Firewall; it's free. By default this firewall will always ask you, for every application, whether it may go to the internet or not. If you answer "not", it will create a rule in its database that this application is not allowed. But there is another option, which is CUSTOM POLICY: in this, remove all pre-configured rules, then make your own rules step by step. To surf the internet with Firefox, create a rule in NETWORK POLICY that allows Firefox for ports 80 and 443, also allow svchost for DNS port 53, and at the bottom create a rule to block all traffic for every application; this way it will block every application. If you want to allow any application to go to the internet, then make a rule for it above the "block all traffic" rule. This firewall checks all rules from top to bottom: if an allow rule is there for a particular application, it will allow that application; otherwise no application connects to the internet. This way you can see in the log which application is trying to go to the internet and has already been blocked.
0
 
LVL 9

Assisted Solution

by:Ashok Dewan
Ashok Dewan earned 250 total points
See my rules I have made in ZoneAlarm firewall. I allowed those ports which I want; otherwise no application can connect to other ports. In ZoneAlarm firewall you can also make this same rule for any other application in program control to secure more. FIREWALL RULES FIREWALL RULES FIREWALL RULES
0
 
LVL 6

Expert Comment

by:Reubenwelsh
Sorry for adding a question, but how does a good firewall see that it's P2P traffic if you're doing it all via SSL?
0

 
LVL 9

Expert Comment

by:Ashok Dewan
I am very sorry, I have attached the same file multiple times by mistake.
0
 
LVL 9

Expert Comment

by:Ashok Dewan
It will tell you in the logs, or get SAX 2 IPS software for more security. It's also awesome software to prevent any unknown connection.
0
 

Assisted Solution

by:kostis007
kostis007 earned 50 total points
P2P applications sometimes change ports automatically (depending on the software) and it's difficult to block them using port numbers. You just go crazy.

I'd agree to get some IPS software (or hardware if for professional use) and block it at the application level. Success in that case is 100%. I've also seen some antivirus/firewall products that can block certain applications with rules etc., but only on every single PC (not massively).

0
 
LVL 9

Expert Comment

by:Ashok Dewan
If you want to know whether the P2P connection from your PC is encrypted (SSL) or not, download Wireshark and start capturing packets from your PC. Then try to look at every packet. In an encrypted (SSL) packet you cannot see any text (words); whatever you see in an encrypted packet will be unreadable, the same as raw data. On the other hand, in a non-encrypted (not SSL) packet you will probably see some text or words in the datagram.
0
 

Author Comment

by:humansg
neil40m:
I've seen your screenshots.
What if I want it to be done at the network layer instead of on an individual PC?

I want to know information about how this is done at the ISP level. Like how a school can block off P2P streams.

Reubenwelsh:
Probably those applications like PPStream aren't on SSL. I just need the simple thing on the unencrypted version.

kostis007:
How would this be done at the application level? I want to know how the application works, like how it sees the packets and then determines that it is a P2P stream.
0
 

Author Closing Comment

by:humansg
I found this article, which is quite useful for understanding.

Very similar to what you guys have mentioned, but in detail!

http://www.symantec.com/connect/articles/identifying-p2p-users-using-traffic-analysis

Thanks for all your efforts! I have rewarded points accordingly.
0
 
LVL 9

Expert Comment

by:Ashok Dewan
Try Kerio WinRoute Firewall for 30 days. It's a free trial for 30 days. It installs on the gateway or on a proxy server to monitor or block traffic. It's good.
0
 
LVL 9

Expert Comment

by:Ashok Dewan
This Kerio is awesome but also expensive. You can block and monitor all P2P traffic.
0
 

Author Comment

by:humansg
Thank you neil for your effort although I only wanted to know technically how applications do it!
0
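
How the port-independent, payload-based identification discussed in this thread (deep packet inspection, and the question of what happens under SSL) can work, as an added example that is not part of the original thread or of any product named in it. The two signatures are the publicly documented BitTorrent and Gnutella handshake prefixes; the thread gives no signatures for PPTV, PPLive or PPStream, so none are included, and the sample flows, the entropy threshold and all function names are constructed for illustration.

```python
import math
from collections import Counter

# Publicly documented plaintext handshake prefixes (not taken from the thread).
SIGNATURES = {
    "bittorrent": b"\x13BitTorrent protocol",  # peer-wire handshake
    "gnutella": b"GNUTELLA CONNECT/",          # Gnutella 0.6 handshake
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(payload: bytes) -> str:
    """Label a flow from its first payload bytes; the port is never consulted."""
    for name, prefix in SIGNATURES.items():
        if payload.startswith(prefix):
            return name
    if payload[:2] == b"\x16\x03":
        return "tls"      # TLS handshake record: inner protocol is not visible
    # Assumed threshold: long, near-random payloads look encrypted or compressed.
    if len(payload) >= 256 and entropy(payload) > 7.0:
        return "opaque"
    return "unknown"

def decide(flows, blocked=("bittorrent", "gnutella")):
    """Return (dst_port, label, action) for each (dst_port, payload) flow."""
    out = []
    for port, payload in flows:
        label = classify(payload)
        out.append((port, label, "block" if label in blocked else "allow"))
    return out

# Constructed sample flows: (destination port, first payload of the flow).
BT = b"\x13BitTorrent protocol" + bytes(8) + bytes(20) + bytes(20)
SAMPLE = [
    (6881, BT),                                   # default-style P2P port
    (80, BT),                                     # same protocol moved to port 80
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, b"\x16\x03\x01\x00\x05hello"),          # constructed TLS record header
    (51413, bytes(range(256)) * 2),               # stand-in for ciphertext
]

if __name__ == "__main__":
    for row in decide(SAMPLE):
        print(row)
```

The `tls` and `opaque` rows come out as `allow` because a prefix signature has nothing to match once the payload is encrypted; that is the limit raised in the SSL question above.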
