2p2 killing me again

yawe_frek · 06-22-2007, 06:34 PM

hello friends,

i have successfully blocked a good number of peer 2 peer protocols such as gnutella, fasttrack,edonkey using an iptables modules called rope. but the problem now is i suddenly discovered this new p2p called ARES. i really want to block this thing from consuming my entire bandwidth. but unfortunately rope does not have a script for this ARES. can any one assist on what step to take.

Thanks in Advance.

win32sux · 06-22-2007, 07:09 PM

Maybe look into the IPP2P project. Their website lists Ares as one of the P2P networks which their iptables module can match.

sakimustafa · 06-23-2007, 03:16 AM

Try with l7 netfilter patch

yawe_frek · 06-23-2007, 10:13 AM

Thanks guys for the quick response, ipp2p does a very good work but still not blocking this particular variant of Ares called Ares regular. pls let me know if there is another option.

Thnaks

v00d00101 · 06-24-2007, 06:45 AM

Close all ports and force web traffic via a proxy like squid.

As i remember even Ares needs a port open to function properly. If you lock down all ports, then force everything through squid, you can tailor exactly what gets access, and also weight things, so perceived p2p traffic gets a hellishly low priority, while http(s) gets a higher priority, etc.

Guides on how to do this exist and can be found via the usual routes (google, etc).

Also maybe look into dansguardian and moblock.

yawe_frek · 06-24-2007, 10:18 AM

thanks v00d00101,

could u give me a hint on how i could use squid to attain this after blocking all ports.

Thnaks

win32sux · 06-24-2007, 05:18 PM

Quote:

Originally Posted by yawe_frek

ipp2p does a very good work but still not blocking this particular variant of Ares called Ares regular.

Does it say that on the website or did you try it yourself? BTW, if the ipp2p people have a mailing list it might be a good idea to ask about this there.

Quote:

Originally Posted by yawe_frek

could u give me a hint on how i could use squid to attain this after blocking all ports.

What you will be able do with Squid is gonna be very limited IMHO (unless Ares has no proxy compatibility at all). If you wish to go the proxy route, I'd say your best bet would be an application-layer proxy. A lot of people like Zorp.