<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Nils Breunese wrote:
<blockquote cite="mid35443EFD-4484-4B85-AB8B-0FA7F786C9B7@breun.nl"
type="cite">Peter Scheie wrote:
<br>
<br>
<blockquote type="cite">I think you'll have to elaborate on what you
want to prevent. Using a web browser is 'file sharing', as is much of
computer communication, in that the user's computer requests a file, in
this case an html file, from another computer, the web server.
<br>
<br>
If you're talking about bittorrent traffic, you could block ports
6881-6999 on your external firewall.
<br>
</blockquote>
<br>
Though that won't really block all BitTorrent as it's pretty easy to
set the port you want to use in the BitTorrent client. I use 16881
myself for instance. Probably better to block *all* ports by default
and only open up the ones that are really needed.
<br>
<br>
Nils Breunese.
<br>
<br>
</blockquote>
<br>
With BitTorrent, it's worse. Remember that we now have not just
encrypted BitTorrent, but port-hopping BitTorrent. We have to deal
with this, too. Your BitTorrent client finds that it can't talk on its
"regular" ports (TCP 6881-6999)? Azureus, among others, will randomly
port-hop *and* encrypt, specifically to defeat both firewalls *and*
protocol analyzers. It's very effective.<br>
<br>
We "stop" it at the Internet gateway, and we do it with a fairly strict
"this is what's 'allowed' outbound" policy. We use a Packeteer to
shape everything but TCP 80, TCP 443, and certain other TCP/UDP ports
down to, maybe, 10Kb/sec. Thus, when Azureus goes a-port-hoppin,
fine! It's limited to 10Kb...shared by EVERYONE. Meanwhile, TCP 80,
TCP 443, etc. work at normal multi-megabit speed. Yes, it's a dirty,
sneaky, nasty trick...and it works really well.<br>
<br>
You could do the same thing with a Linux or OpenBSD gateway. A little
iptables/pf QoS magic is all you need.<br>
<br>
--TP<br>
<div class="moz-signature">
_______________________________
<br>
Do you GNU!?
<br>
<a href="http://www.gnu.org/">Microsoft Free since 2003</a>--the
ultimate antivirus protection!
<br>
</div>
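The gateway shaping described in the reply above, sketched for a Linux gateway with tc and iptables. This is an added example, not part of the original message; the interface name eth0, the 10mbit uplink, the allowed-port lists and the reading of "10Kb/sec" as 10 kilobits per second are assumptions.

```shell
#!/bin/sh
# Added example: allow-list egress shaping on a Linux gateway.
# Dry run by default: commands are printed, and executed only when
# APPLY=1 (needs root). All values below are assumptions.
WAN_IF="${WAN_IF:-eth0}"            # Internet-facing interface
UPLINK="${UPLINK:-10mbit}"          # real upstream capacity
BULK_RATE="${BULK_RATE:-10kbit}"    # shared cap for everything not allowed
ALLOWED_TCP="${ALLOWED_TCP:-80,443}"
ALLOWED_UDP="${ALLOWED_UDP:-53}"

# Print a command; run it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

shape_egress() {
    # HTB root qdisc: anything without a matching filter lands in 1:20.
    # A client that hops to a random port is therefore slow by default.
    run tc qdisc add dev "$WAN_IF" root handle 1: htb default 20
    # Fast class for allowed services. Both classes hang directly off
    # the root, so the slow class has no parent to borrow bandwidth from.
    run tc class add dev "$WAN_IF" parent 1: classid 1:10 htb rate "$UPLINK"
    # Slow class: rate equals ceil, one small pipe shared by every host.
    run tc class add dev "$WAN_IF" parent 1: classid 1:20 \
        htb rate "$BULK_RATE" ceil "$BULK_RATE"
    # SFQ keeps a single flow from monopolising the slow class.
    run tc qdisc add dev "$WAN_IF" parent 1:20 handle 20: sfq perturb 10
    # Mark allowed destination ports on the way out ...
    run iptables -t mangle -A POSTROUTING -o "$WAN_IF" -p tcp \
        -m multiport --dports "$ALLOWED_TCP" -j MARK --set-mark 10
    run iptables -t mangle -A POSTROUTING -o "$WAN_IF" -p udp \
        -m multiport --dports "$ALLOWED_UDP" -j MARK --set-mark 10
    # ... and steer marked packets (IPv4) into the fast class.
    run tc filter add dev "$WAN_IF" parent 1: protocol ip prio 1 \
        handle 10 fw flowid 1:10
}

shape_egress
```

This shapes only traffic leaving the WAN interface; the return direction needs the mirror of these rules on the LAN-facing interface, matching source ports instead of destination ports.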
<br>
<br>
</body>
</html>