Layer 7 filtering example using pf and relayd : block torrent use and some urls


Layer 7 filtering example using pf and relayd : block torrent use and some urls

Wesley MOUEDINE ASSABY
Hi,

A new how to about PF and relayd :
http://www.mouedine.net/relayd

Cheers,

Wesley MOUEDINE ASSABY


Re: Layer 7 filtering example using pf and relayd : block torrent use and some urls

Vijay Sankar
Quoting Wesley MOUEDINE ASSABY <[hidden email]>:

> Hi,
>
> A new how to about PF and relayd :
> http://www.mouedine.net/relayd
>
> Cheers,
>
> Wesley MOUEDINE ASSABY
>
>

Nice! Thanks very much,

Vijay

Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
[hidden email]

---------------------------------------------
This message was sent using ForeTell-POST 4.9


Re: Layer 7 filtering example using pf and relayd : block torrent use and some urls

Paolo Aglialoro
In reply to this post by Wesley MOUEDINE ASSABY
Hi,
really nice tutorial :)

What about blocking some sites like dropbox, gdrive, etc. which are the
main channels through which files are nowadays leaking out of companies?

For instance, in the case of dropbox a single url would not be enough, just
look here:

https://ipdb.at/org/Dropbox

Same to block fbook or similar socials.

You could integrate your schema with the use of tables but the real
breakthrough would be catching these applications at protocol level when
they try to log in remotely. Managing tables of forbidden IP addresses is a
job in itself.
On 25/nov/2013 15:38 "Wesley MOUEDINE ASSABY" <[hidden email]>
wrote:

> Hi,
>
> A new how to about PF and relayd :
> http://www.mouedine.net/relayd
>
> Cheers,
>
> Wesley MOUEDINE ASSABY


Re: Layer 7 filtering example using pf and relayd : block torrent use and some urls

Wesley MOUEDINE ASSABY
Hi,

Tested with facebook.com/
It works. In this case, PF doesn't block any IP; relayd takes all the
work: it is a transparent proxy with http/https inspection.

I also tested this:
Downloading a .torrent file is not allowed.
From a USB key, I tried to open a .torrent with the uTorrent client
(Windows); it doesn't download any files. I don't want to make any risky
assumptions ;-)

Cheers,

==wma

On 2013-11-26 4:14, Paolo Aglialoro wrote:

> Hi,
> really nice tutorial :)
>
> What about blocking some sites like dropbox, gdrive, etc. which are
> the
> main channels through which files are nowadays leaking out of
> companies?
>
> For instance, in the case of dropbox a single url would not be
> enough, just
> look here:
>
> https://ipdb.at/org/Dropbox
>
> Same to block fbook or similar socials.
>
> You could integrate your schema with the use of tables but the real
> breakthrough would be catching these applications at protocol level
> when they try to log in remotely. Managing tables of forbidden IP
> addresses is a job in itself.
> On 25/nov/2013 15:38 "Wesley MOUEDINE ASSABY"
> <[hidden email]> wrote:
>
>> Hi,
>>
>> A new how to about PF and relayd :
>> http://www.mouedine.net/relayd
>>
>> Cheers,
>>
>> Wesley MOUEDINE ASSABY


Re: Layer 7 filtering example using pf and relayd : block torrent use and some urls

Wesley MOUEDINE ASSABY
In reply to this post by Wesley MOUEDINE ASSABY
Thanks, I will correct that.

On 2013-11-27 13:21, Tristan Le Guern wrote:

> On 11/25/13 15:38, Wesley MOUEDINE ASSABY wrote:
>> Hi,
>>
>> A new how to about PF and relayd :
>> http://www.mouedine.net/relayd
>>
>> Cheers,
>>
>> Wesley MOUEDINE ASSABY
>>
> Are you aware that DNS uses TCP connections when replies are too large
> for UDP? It is bad practice to block this.


Re: Layer 7 filtering example using pf and relayd : block torrent use and some urls

Stuart Henderson
[ http://www.mouedine.net/relayd/ ]

> On 2013-11-27 13:21, Tristan Le Guern wrote:
>> Are you aware that DNS uses TCP connections when replies are too large
>> for UDP? It is bad practice to block this.

When replies are too large, or in some cases when the servers are
under attack (the RRL SLIP mechanism).

Other notes on this method:

- magnet: links don't use http

- forcing all https sites through this type of proxy will break sites
using certificate pinning, e.g. google sites if accessed via chrome
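Putting the thread's points together as an added example (constructed here; it is not the tutorial at mouedine.net and not any poster's configuration): a pf.conf fragment that diverts LAN HTTP to a local relayd listener and passes DNS over both UDP and TCP, beside a relayd.conf protocol that blocks .torrent downloads and a named site, as Wesley's transparent-proxy description and the DNS-over-TCP remarks above call for. The interface name em1, the LAN 192.168.1.0/24, the listener port 8080 and the blocked host names are assumptions; the filter syntax is that of the current relayd.conf(5), which differs from the 2013-era syntax the original tutorial would have used.

```conf
# /etc/pf.conf (fragment, constructed example; interface and LAN are assumptions)
int_if = "em1"
lan    = "192.168.1.0/24"

# Divert LAN web traffic to the local relayd listener. relayd looks up the
# original destination in pf, so no client-side proxy setting is needed.
pass in quick on $int_if proto tcp from $lan to any port 80 divert-to 127.0.0.1 port 8080

# DNS must be allowed over TCP as well as UDP: large answers and RRL "slip"
# (truncated) replies make the resolver retry over TCP, as noted in the thread.
# A rule that only passes "proto udp" to port 53 breaks those lookups.
pass in quick on $int_if proto { udp tcp } from $lan to any port 53

# /etc/relayd.conf (fragment, constructed example)
http protocol "httpfilter" {
    # Answer blocked requests with an HTTP error page instead of a reset
    return error

    # Tell upstream servers which LAN client made the request
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"

    # Block the HTTP fetch of .torrent metadata files. Only this step is
    # visible to an HTTP relay: magnet: links and peer traffic are not HTTP.
    match request label "Torrent downloads are not allowed"
    block request quick path "*.torrent"

    # Block named sites. "url" matches host plus path, so "example.org/"
    # covers the whole site. The host names are placeholders.
    match request label "Site blocked by policy"
    block request quick url "www.example.org/"
    block request quick url "example.org/"
}

relay "httpfilter" {
    listen on 127.0.0.1 port 8080
    protocol "httpfilter"
    # Connect to the address the client originally asked for (transparent mode)
    forward to destination
}
```

Check both files before loading them with `pfctl -nf /etc/pf.conf` and `relayd -n`. The example deliberately stops at plain HTTP: intercepting HTTPS needs relayd's own CA material and, as Stuart notes above, breaks sites whose clients pin their certificates, so that choice is better made per site than globally.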