You are on a loser if you want to block all p2p. p2p systems (with the exception of BitTorrent, which is designed as a legitimate way to transfer legal files) try to act as standard traffic, often using the http ports in normal ways: Allow http and you allow p2p too.
Of course, what you require is a check-box solution to convince a PHB that you are doing that, so all you need is some harmless block out rules on a few common ports. Totally ineffective, of course, but that is a feature, not a bug.
(I am sorry if this came across as an insult to anyone: It was merely a statement of fact (or maybe opinion): blocking all p2p without blocking normal traffic is not possible: encryption and abusing common port numbers (25, 80, 443, 110...) will get you through.)
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.
Last edited by robbak; 4th July 2008 at 02:12 AM.
Reason: Fixing spelling mistake, and adding disclaimer.