Luca Ferrari wrote:
Hi,
in my network users are increasing the amount of peer-to-peer traffic (e-mule, winmx), how can I deny the above traffic? I'm using iptables and squid on my linux firewall, but I don't know if there's a specific port to lock or something else I can use to recognize the "bad" packet in the network traffic.
Thanks,
Luca

The only sure way to block them is to totally deny inbound connections (unless needed for some purpose or another) and restrict outbound connections to, say, port 80, 443 (web), depending on your network config maybe 25 (smtp), 110 (pop3), and 53 (DNS).
Personally, I just force everyone through a very restrictive filtering proxy and don't allow direct connections at all. Since you do have squid on there you can do the same.
The other way, as already mentioned, is a policy change. Here, I gave everyone a week to clean up their act, and worked with people to make sure their computers are clean. After that... everyone caught inappropriately using their machine got fired the same day. Works like a charm.
J
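The two approaches in the reply above (outbound connections limited to a short port list, or all web traffic forced through squid) written as a generator for an iptables-restore ruleset. This is an added example, not part of the original message; the interface names eth0/eth1 and the squid port 3128 are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it applies nothing itself.
# Assumptions (not from the thread): eth0 = WAN, eth1 = LAN, squid on TCP 3128.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
PROXY_PORT="${PROXY_PORT:-3128}"

# gen_rules direct|proxy
#   direct: LAN clients may open outbound connections only to the listed ports
#   proxy : no forwarded web access at all; clients must go through squid
gen_rules() {
    case "$1" in
        direct) fwd_tcp="80,443,25,110" ;;
        proxy)  fwd_tcp="25,110" ;;
        *) echo "usage: gen_rules direct|proxy" >&2; return 2 ;;
    esac
    out="-i $LAN_IF -o $WAN_IF"
    new="-m conntrack --ctstate NEW"

    echo "*filter"
    # Default deny: inbound and forwarded packets not accepted below are dropped.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections that were allowed out are let back in.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$1" = proxy ]; then
        # Only the proxy port on the firewall is reachable from the LAN.
        echo "-A INPUT -i $LAN_IF -p tcp --dport $PROXY_PORT $new -j ACCEPT"
    fi
    # Web (direct mode only), SMTP and POP3, as named in the thread.
    echo "-A FORWARD $out -p tcp -m multiport --dports $fwd_tcp $new -j ACCEPT"
    # DNS over UDP and TCP.
    echo "-A FORWARD $out -p udp --dport 53 -j ACCEPT"
    echo "-A FORWARD $out -p tcp --dport 53 $new -j ACCEPT"
    echo "COMMIT"
}

# Print the ruleset when a mode is given on the command line.
# Review it, add your own management access (e.g. SSH) to INPUT, then check it
# with: sh script.sh proxy | iptables-restore --test
if [ $# -gt 0 ]; then gen_rules "$1"; fi
```

A port allow-list does not stop peer-to-peer clients that are configured to use port 80 or 443, which is why the proxy mode removes direct web access entirely.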