From: Victor J. <vi...@nk...> - 2004-09-13 15:43:43
Hello Luis,

On Monday 13 September 2004 15:02, Luis Hernán Otegui wrote:
> Hello, people, I've been brought here by a suggestion somebody at the
> mailing list of snort gave me.
> First of all, I must say that I'm a complete newbie at snort and any
> of its sons (such as this one). My approach to snort was motivated
> because I want to block peer to peer traffic coming in and out of the
> network I'm managing.
> So, to put it simple, I need some documentation (the one I couldn't
> find anywhere in the snort-inline site) about how to do this, working
> together with my existing iptables firewall.

The snort_inline part of snort basically comes down to making sure snort_inline sees the traffic. This can be done by using the QUEUE target in iptables. For more information on how to pass the traffic to snort_inline see the documentation in the snort_inline distribution, in the map 'doc', esp. README.INLINE.

I suggest you read the snort manual (http://www.snort.org/docs/snort_manual/) and just load snort_inline with the rules set to alert so you can see what happens...

> I've been reading the snort users and installation guides, my
> router-firewall came with snort 2.0.6 pre-installed (I'm using Ututo-R
> as a router-firewall), and I have three NICs, one that connects it
> with the internet gateway, and the other two that serve as gateways to
> two class B networks. These are the ones in which I would like to block
> peer to peer traffic.
> Thanks in advance,
>
> Luis

For blocking p2p you can also look at the layer7 filter project for iptables (http://l7-filter.sourceforge.net/) and Ipp2p (http://rnvs.informatik.uni-leipzig.de/ipp2p/docu_en.html).

Hope this helps,
Victor
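The QUEUE hand-off described in the reply above, sketched as an added example that is not part of the original message or of the snort_inline documentation. The interface names `eth1` and `eth2` and the function names are assumptions, and the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the original message): print, and optionally apply,
# the iptables rules that hand forwarded traffic to snort_inline via QUEUE.
# eth1/eth2 are assumed names for the two internal NICs.
#
# QUEUE is a terminating target: once a packet is queued, snort_inline's
# verdict decides its fate and later rules in the chain are not consulted,
# so place these where the firewall would otherwise ACCEPT forwarded traffic.
# With no process reading the queue, queued packets are dropped: start
# snort_inline in inline mode before running this with APPLY=1.

valid_iface() {
    # Accept only plain interface names (letters, digits, '.', '_', '-').
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

queue_rules() {
    # Print one command per line for the interfaces given as arguments.
    for ifc in "$@"; do
        valid_iface "$ifc" || { echo "bad interface: $ifc" >&2; return 1; }
    done
    echo "modprobe ip_queue"   # kernel module behind QUEUE on kernels of this era
    for ifc in "$@"; do
        echo "iptables -A FORWARD -i $ifc -j QUEUE"   # leaving the internal net
        echo "iptables -A FORWARD -o $ifc -j QUEUE"   # entering the internal net
    done
}

apply_rules() {
    # Dry run by default. With APPLY=1 each command is executed and the run
    # stops at the first failure, so a half-applied rule set is noticed.
    rules=$(queue_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || exit 1
        else
            echo "would run: $cmd"
        fi
    done
}

apply_rules eth1 eth2
```

Running snort_inline with its rules set to alert first, as the reply suggests, shows what would match before any rule is switched to drop.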