
03 January 2006

Juniper NetScreen IDP to Block Shareaza

The signatures in the IDP are capable of blocking P2P and IM applications when those applications use their standard ports, but these applications sometimes use non-standard ports or protocols, and a signature that is bound to a specific protocol/port range never inspects that traffic.

For example, the signature to block eDonkey, "P2P:EDONKEY:CLIENT-HELLO", is bound to the TCP port range 4242-4662, so an eDonkey client talking on any other port is not inspected; to block eDonkey completely you can bind the signature to any port instead.

Similarly, the Gnutella signatures "P2P:GNUTELLA:CONNECT", "P2P:GNUTELLA:CONNECTION-OK", and "P2P:GNUTELLA:CONNECTION-OK-V06" can be bound to any protocol/port range instead of a specific one.
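To make the effect of the port binding concrete, here is an added example (not Juniper IDP code or configuration, and not using Juniper's signature contents) that models a signature as a payload pattern plus an optional TCP port range. The signature names and the 4242-4662 eDonkey range come from the post; the payload patterns (the eDonkey 0xE3 protocol byte and the Gnutella "GNUTELLA CONNECT/0.6" handshake), the Gnutella port range and the sample flows are assumptions constructed for the demonstration. Running it shows the same eDonkey hello being missed on port 8080 while the signature is port-bound, and caught once the binding is widened to any.

```python
"""Illustrative model of port-bound vs. unbound IDS signatures.

Added example, not Juniper IDP code: a signature bound to a TCP port range
only inspects flows whose destination port falls in that range, so P2P
traffic on a non-standard port slips past it until the binding is "any".
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes                          # payload prefix the signature looks for
    tcp_ports: Optional[Tuple[int, int]]    # inclusive dst port range, None = any

    def matches(self, dst_port: int, payload: bytes) -> bool:
        """True if the flow is inside the binding AND the payload matches."""
        if self.tcp_ports is not None:
            lo, hi = self.tcp_ports
            if not (lo <= dst_port <= hi):
                return False                # outside the binding: never inspected
        return payload.startswith(self.pattern)


@dataclass(frozen=True)
class Flow:
    src: str
    dst_port: int
    payload: bytes


# Patterns are illustrative assumptions, not Juniper's signature contents.
EDONKEY_HELLO = b"\xe3"                     # eDonkey protocol marker byte (assumed)
GNUTELLA_CONNECT = b"GNUTELLA CONNECT/0.6"  # Gnutella 0.6 handshake (assumed)

PORT_BOUND: List[Signature] = [
    Signature("P2P:EDONKEY:CLIENT-HELLO", EDONKEY_HELLO, (4242, 4662)),  # range from the post
    Signature("P2P:GNUTELLA:CONNECT", GNUTELLA_CONNECT, (6346, 6347)),   # range assumed
]


def unbind(sig: Signature) -> Signature:
    """Return the same signature bound to any port, as the post recommends."""
    return Signature(sig.name, sig.pattern, None)


def evaluate(signatures: List[Signature], flows: List[Flow]) -> Dict[int, str]:
    """Map each caught flow's index to the name of the first signature that hit it."""
    hits: Dict[int, str] = {}
    for i, flow in enumerate(flows):
        for sig in signatures:
            if sig.matches(flow.dst_port, flow.payload):
                hits[i] = sig.name
                break
    return hits


# Constructed sample flows: the same client hellos on standard and odd ports.
FLOWS: List[Flow] = [
    Flow("10.0.0.5", 4662, EDONKEY_HELLO + b"\x01\x10\x00"),   # eDonkey on its usual port
    Flow("10.0.0.6", 8080, EDONKEY_HELLO + b"\x01\x10\x00"),   # same hello on a proxy port
    Flow("10.0.0.7", 6346, GNUTELLA_CONNECT + b"\r\n"),        # Gnutella on its usual port
    Flow("10.0.0.8", 443, GNUTELLA_CONNECT + b"\r\n"),         # same handshake on 443
    Flow("10.0.0.9", 80, b"GET / HTTP/1.1\r\n"),               # ordinary web traffic
]


def compare() -> Tuple[Dict[int, str], Dict[int, str]]:
    """Hits with the vendor-style port binding vs. with every signature bound to any."""
    bound = evaluate(PORT_BOUND, FLOWS)
    unbound = evaluate([unbind(s) for s in PORT_BOUND], FLOWS)
    return bound, unbound


if __name__ == "__main__":
    bound, unbound = compare()
    print("port-bound  :", bound)    # flows 0 and 2 only
    print("bound to any:", unbound)  # flows 0-3; the HTTP flow is still clean
```

The trade-off the model makes visible is the usual one: binding to any port means every TCP flow is inspected against the pattern, so a short or generic pattern (a single 0xE3 byte, say) is more likely to fire on unrelated traffic than the same pattern restricted to the application's known ports. When widening a binding, it is worth checking the signature's false-positive rate on normal traffic before turning it into a blocking rule.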

And that's why I prefer using Juniper IDP: it gives you the flexibility to edit the different attack signatures to meet your own needs. However, I think they should stop binding the P2P and IM related signatures to specific ports in the first place, as people are not supposed to have to do this by hand every time they install a new IDP.
