Gentoo Forums
Blocking Limewire?
robbyjo
Guru

Joined: 06 Apr 2003
Posts: 462

Posted: Fri Feb 03, 2006 2:17 am    Post subject: Blocking Limewire?

Hi all,

I'm wondering how to block Limewire. I tried to block its startup port (i.e. 6346) but it doesn't work. Limewire keeps working. I block any combination of ports I can think of (incl. port 80), but Limewire can still work! I disabled UPnP in the router but that darn thing still works! 8O

The thing is that Limewire saps our small bandwidth pretty quick and we don't want that. Any suggestions? Thanks a lot.
El Tazar
n00b

Joined: 06 Nov 2004
Posts: 57

Posted: Fri Feb 03, 2006 7:50 am

You say that you've tried to block specific ports (i.e. 6346) but you do not mention if it's for both outgoing and incoming traffic. Usually you'd need to do both and unfortunately many home NAT routers lack the ability to block outgoing traffic.

Even if you have something that can block both outgoing and incoming traffic, many of these modern P2P apps (especially Kazaa) are quite efficient at finding an alternative port such as 80 or 21 and routing traffic through that.

The best solution is to implement a *nix firewall with iptables and use an "open only what's needed" policy along with application layer filtering, using some pre-routing rules such as these:

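Code:

# Path to the iptables binary; adjust for your system
IPTABLES=/sbin/iptables

# On kernels 2.6.14 and later the string match requires --algo (bm or kmp).
# INPUT only sees packets addressed to the firewall host itself.

#Kazaa Killer
$IPTABLES -A INPUT -p tcp -m string --algo bm --string "X-Kazaa-" -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -p udp -m string --algo bm --string "KaZaA" -j DROP
$IPTABLES -A INPUT -p udp -m string --algo bm --string "fileshare" -j DROP

#Kazaa Killer (pre-routing)
# PREROUTING is not in the default filter table, so -t mangle is needed;
# REJECT is only valid in INPUT, FORWARD and OUTPUT, so DROP is used here.
$IPTABLES -t mangle -A PREROUTING -p tcp -m string --algo bm --string "X-Kazaa-" -j DROP
$IPTABLES -t mangle -A PREROUTING -p udp -m string --algo bm --string "KaZaA" -j DROP
$IPTABLES -t mangle -A PREROUTING -p udp -m string --algo bm --string "fileshare" -j DROP

#BitTorrent Killer
$IPTABLES -A INPUT -p tcp -m string --algo bm --string "BitTorrent protocol" -j REJECT --reject-with tcp-reset

#Soulseek Killer
# -d matches the remote server, which never appears as a destination in INPUT,
# so the rule goes in FORWARD; the hostname is resolved once, when the rule is added.
$IPTABLES -A FORWARD -d server.slsk.org -j DROP

#Filenavigator/swaptor Killer
$IPTABLES -A FORWARD -d cache.filenavigator.com -j DROP

#Gnutella Killer
$IPTABLES -A INPUT -p tcp -m string --algo bm --string "GNUTELLA CONNECT/" -j DROP
$IPTABLES -A INPUT -p tcp -m string --algo bm --string "urn:sha1:" -j DROP
$IPTABLES -A INPUT -p tcp -m string --algo bm --string "GET /get/" -j DROP
$IPTABLES -A INPUT -p tcp -m string --algo bm --string "GET /uri-res/" -j DROP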
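
The "open only what's needed" policy from El Tazar's post, as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset with a default-deny FORWARD chain and the post's TCP signatures placed ahead of the ESTABLISHED accept rule. The interface names (eth0, eth1) and the allowed services (DNS, HTTP, HTTPS) are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a default-deny gateway.
# Assumptions: LAN on eth1, WAN on eth0, only DNS/HTTP/HTTPS allowed out.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
ALLOWED_TCP="${ALLOWED_TCP:-80 443}"

# TCP payload signatures copied from the rules in the post above.
signatures() {
cat <<'EOF'
X-Kazaa-
BitTorrent protocol
GNUTELLA CONNECT/
urn:sha1:
GET /get/
GET /uri-res/
EOF
}

gen_ruleset() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'    # routed traffic is denied unless allowed below
    echo ':OUTPUT ACCEPT [0:0]'
    # 1. Signature rules first: the P2P handshake is sent inside a connection
    #    that is already ESTABLISHED, so rule 2 would accept it if it came first.
    signatures | while IFS= read -r sig; do
        echo "-A FORWARD -p tcp -m string --algo bm --string \"$sig\" -j REJECT --reject-with tcp-reset"
    done
    # 2. Packets belonging to connections that rule 3 allowed to start.
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # 3. New connections from the LAN: DNS plus the listed TCP ports only.
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -p udp --dport 53 -j ACCEPT"
    for port in $ALLOWED_TCP; do
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Print the ruleset when called as: sh script.sh --print
if [ "${1:-}" = "--print" ]; then
    gen_ruleset
fi
```

Check the output with `gen_ruleset | iptables-restore --test` before loading it. Short patterns such as "GET /get/" are matched in every TCP packet, so they also reset ordinary web requests whose path begins with /get/.
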
magic919
Advocate

Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK

Posted: Fri Feb 03, 2006 10:33 am

Can you specifically forward ports on the router? You could try explicitly forwarding the Limewire ports to a non-Limewire machine on the network.
orvtech
Tux's lil' helper

Joined: 28 Aug 2004
Posts: 115
Location: US. Florida

Posted: Sat Jun 10, 2006 10:37 pm

magic919 wrote:
Can you specifically forward ports on the router? You could try explicitly forwarding the Limewire ports to a non-Limewire machine on the network.

The main problem is that Limewire keeps changing its port, so if you block all ports except, let's say, 80 so you can go to the internet, it will eventually find it. I'm looking into creating a filter using either snort or ettercap to damage the packages of it (I have had no success). I just have "roommates" that think that the RIAA is a myth.
_________________
http://orvtech.com
http://www.linuxevolution.org
htranou
Tux's lil' helper

Joined: 08 May 2006
Posts: 96

Posted: Sat Jun 10, 2006 11:06 pm

You could try L7 filters. They're application layer filters, like El Tazar suggests.