
Thread: "freenet" block

  1. #1
    Newbie
    Join Date
    Jul 2013
    Posts
    2

    Default "freenet" block

    Good day,

    I have been running Untangle for a short while now and the lite edition has covered most of what I needed. When setting up Application Control Lite, I simply blocked + flagged a lot of things including all P2P apps. One came up as a hit called Freenet. I did some research and it came up as two things: one, a P2P sharing application, and two, a TOR-style access to the undernet. Both of which I do not want to see on my network, period. I tried following up by filing a report and getting permission to search the user's PC and was unable to find anything at all. It still happens randomly once or twice a day for a day or two. It is always to the same two IP addresses. I did a lookup and it's a Yahoo address (76.13.21.16 and .15). Is this probably a false positive?

  2. #2
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,757

    Default

    Application Control Lite is simply not able to effectively block determined P2P traffic.

    Many P2P protocols allow for the clients to use adaptive algorithms, such that if a client detects interference it will start changing what it transmits, shifting its signature in an attempt to bypass the interference. The good news is that Application Control Lite generally is capable of detecting all of these mutations. The problem is that the P2P clients just. don't. give. up. If you have more than one or two of these, they'll eventually send so many sessions in so many different combinations that they flood your Untangle box, slowing all internet traffic at your location to a crawl. This is what the Attack Blocker Module is supposed to prevent, but my experience is that it's tuned too low to be effective against this kind of issue.

    The way to deal with P2P traffic in Untangle is to throttle or tarpit it. Use Application Control Lite in conjunction with the Bandwidth Control App to set the QoS level for P2P to something very, very small. You want it just large enough that the client doesn't adapt, but small enough that a user is not really able to do anything meaningful. Then you watch your logs and when you see P2P you use that to communicate policy to the user. On my network, I've found it easier to throttle the offending user's entire connection. This has been more effective for changing user behavior. Of course, I have residential college students, so it's not practical for me to have a policy of banning P2P outright.

    The downside here is that this requires the paid bandwidth control app. Basically, Application Control Lite is just enough to prove to an admin that Untangle's technology can detect P2P, and that the blocks work. But if you want to be effective, you need at least the paid Bandwidth Control Module.
    Last edited by jcoehoorn; 07-26-2013 at 06:49 AM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 15.1.0 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  3. #3
    Newbie
    Join Date
    Jul 2013
    Posts
    2

    Default

    I see what you are saying and saw similar advice in other posts regarding P2P. I am working to get Untangle bought for my company; budget is just too tight at the moment.

    I was just wondering if anyone has seen this before as a false positive or has any tips to determine if it is a real hit or not.

  4. #4
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,757

    Default

    I do see an occasional false positive for P2P. That is one more reason to throttle vs block: now whatever legitimate request triggered that will still complete.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 15.1.0 to protect 500Mbits for ~450 residential college students and associated staff and faculty
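
One way to approach the "real hit or not" question from this thread, as an added example that is not from any poster or from Untangle: group flagged sessions per client and signature, then compare how many distinct destinations they reach. The CSV layout, client addresses, ports, the Bittorrent rows and both thresholds are assumptions, as is the heuristic itself (a P2P client normally talks to many peers, so hits that always land on the same few addresses deserve an owner lookup before being treated as P2P).

```python
import csv
import io
from collections import defaultdict

# Constructed sample events, NOT real Untangle output. Assumed columns:
# timestamp, client IP, destination IP, destination port, matched signature.
SAMPLE_EVENTS = "\n".join(
    [
        "2013-07-24T09:12:03,192.168.1.40,76.13.21.16,80,Freenet",
        "2013-07-24T15:47:51,192.168.1.40,76.13.21.15,80,Freenet",
        "2013-07-25T10:02:19,192.168.1.40,76.13.21.16,80,Freenet",
        "2013-07-25T16:30:44,192.168.1.40,76.13.21.15,80,Freenet",
    ]
    # A second, constructed client that reaches a new address on every hit.
    + [f"2013-07-25T11:00:{i:02d},192.168.1.77,198.51.100.{i},6881,Bittorrent"
       for i in range(1, 13)]
)

def summarize(events_csv):
    """Group hits by (client, signature) and collect distinct destinations."""
    groups = defaultdict(lambda: {"hits": 0, "dests": set(), "ports": set()})
    for row in csv.reader(io.StringIO(events_csv)):
        if len(row) != 5:          # skip blank or malformed lines
            continue
        _ts, client, dst, port, sig = row
        group = groups[(client, sig)]
        group["hits"] += 1
        group["dests"].add(dst)
        group["ports"].add(int(port))
    return groups

def triage(events_csv, max_fixed_dests=3, min_hits=3):
    """Label each (client, signature) pair; thresholds are assumed defaults."""
    verdicts = {}
    for key, group in summarize(events_csv).items():
        if group["hits"] < min_hits:
            verdicts[key] = "too few hits to judge"
        elif len(group["dests"]) <= max_fixed_dests:
            verdicts[key] = "fixed destinations: look up owner, possible false positive"
        else:
            verdicts[key] = "many destinations: consistent with P2P peer fan-out"
    return verdicts

if __name__ == "__main__":
    for (client, sig), verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{client} {sig}: {verdict}")
```
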
