How to block port hopping apps?

[Specialsit]

like torrents

[jcoehoorn]

The trick with these apps is that you never know if you really got them, if they finally ended running on port 80, or if they found somewhere else to hide. And from experience I can tell you that all the attempts and hops can cause inadvertent denial of service problems on your untangle server.

What I finally settled on to keep up with things is to handle it in three parts:

1. Use attack blocker to find out who my offenders are
2. Use QoS to slow traffic from the offenders. This is currently less than satisfying, as they still get a lot of throughput, but I understand that the upcoming version 8 will allow me to slow their traffic to a trickle. In other words: try to torrent, get sent back to 1998 internet speeds.
3. Additionally quarantine the worst offenders to only allow about 5 ports total, in or out.

In effect, you prevent the app from hopping ports by allowing the first connection to succeed - a honeypot, if you will, but then you only pass that traffic through at a trickle, such that it becomes a block in everything but name only. I mean, if you want to spend 10 minutes to download one mp3, be my guest.

[Specialsit]

How long tell 8.0?

[WebFooL]

How long tell 8.0?

There is no public RLS date for 8.0.
So your guess is as good as mine

[Specialsit]

hi [QUOTE=mrunkel;116775]It's under development right now, I think it's supposed to go to QA in 4 weeks, figure at least two weeks in QA and then we'll have an Alpha, then Beta, RC, and final. It's about a week between each release once it gets to Alpha, but it could loop in Beta and RC status for a few weeks.