Peer To Peer Security Concerns - PowerPoint PPT Presentation

Provided by: birmingham9
1
Peer To Peer Security Concerns
  • Thomas Torgerson
  • Birmingham Chapter of InfraGard
  • July 8th, 2003

2
P2P File Sharing Basics
  • Peer-to-peer connection with another individual's PC
  • Files are transferred between the workstations
  • A trust relationship is established between the two individuals
  • Most common shared files are MP3s, video files, images, text files, games, and software
  • A basic explanation of how P2P works can be found here - http://p2ptransfers.com/whatisp2p.htm

3
P2P Questions and Concerns 1
  • Do you use a P2P tool or know of someone who does?
  • If you use P2P, do you trust the person on the other end?
  • Do you trust that this person has adequate anti-virus software in place?
  • Can you trust the P2P application itself (might have spyware attached)?
  • Are there any benefits from using these tools?
  • Is the communication between the two peer systems secure?
  • Do employees at your company use file sharing tools while attached to the network?

4
P2P Questions and Concerns 2
  • If so, are they putting your company at risk (from a security standpoint or from a legal standpoint)?
  • Do you have policies in place that specifically state no file sharing tools allowed on your corporate network (any type connection)?
  • If not, then why not and has this been discussed?
  • Do you have tools in place to help you track down employees who may be using these tools?
  • Oh, did I mention that P2P applications can easily circumvent your firewall?

5
Enter the world of KaZaa
  • KaZaa
  • http://www.kazaa.com
  • Free!
  • As of May of 2003, there were over 2.6 million downloaded copies
  • Provides file sharing and chat mechanism
  • Default port is 1214 but this can be changed to any port to disguise traffic

6
Enter the world of BearShare
  • BearShare
  • http://www.bearshare.com
  • Free! An ad-free version (BearShare Pro) can be purchased for a fee of 3.33/month
  • Provides file sharing and chat mechanism
  • Default port is 6346 but can be changed to any port to disguise

7
Enter the world of FolderShare
  • AudioGalaxy/FolderShare
  • http://www.audiogalaxy.com
  • http://www.foldershare.com
  • AudioGalaxy provides a search engine for files, whereas FolderShare provides the file sharing function, slightly differently from the others listed
  • Connects to primary server on port 443

8
Other P2P tools
  • Filetopia, Limewire, Blubster
  • Imesh, Konspire, Winmx
  • Splooge, Morpheus, Neo Modus
  • Grokster, E Donkey 2000, MP3 Voyeur
  • Carracho, Phosphor, Phex
  • There are others that are not mentioned here, others that are no longer in development, and some that have been taken down, like Napster. Hyperlinks are included above.

9
Defeating KaZaa
  • Block outgoing access to the IP address for the KaZaa site on a PEP router or even perimeter router to catch those trying to access the site to download the tool
  • access-list 101 deny ip any 216.248.131.234 0.0.0.0 log  (KaZaa site)
  • Block outgoing access to port 1214 on a PEP router or even perimeter router to catch those who are not wise enough to change the default port
  • access-list 101 deny tcp any any eq 1214 log  (default KaZaa port)
  • Use these snort sigs developed by Dan Clemens to catch KaZaa traffic
  • Initial connection
  • File search request
  • File download

10
Defeating BearShare - 1
  • Block outgoing access to the IP address for the BearShare site and the default BearShare service provider servers on a PEP router or even perimeter router to catch those trying to access the site to download the tool or making connections to service provider servers. By blocking these gnutella service provider servers, other P2P apps that rely on the gnutella network to function will also be blocked.
  • access-list 101 deny ip any 208.239.76.98 0.0.0.0 log  (bearshare site)
  • access-list 101 deny ip any 208.239.76.97 0.0.0.0 log  (connect1.bearshare.net)
  • access-list 101 deny ip any 209.61.184.226 0.0.0.0 log  (connect1.gnutellanet.com)
  • access-list 101 deny ip any 208.239.76.103 0.0.0.0 log  (connect2.bearshare.net)
  • access-list 101 deny ip any 209.61.184.228 0.0.0.0 log  (connect2.gnutellanet.com)
  • access-list 101 deny ip any 208.239.76.102 0.0.0.0 log  (connect3.bearshare.net)
  • access-list 101 deny ip any 209.61.184.225 0.0.0.0 log  (connect3.gnutellanet.com)
  • access-list 101 deny ip any 65.59.117.194 0.0.0.0 log  (connect4.gnutellanet.com)

11
Defeating BearShare - 2
  • Block outgoing access to port 6346 on a PEP router or even perimeter router to catch those who are not wise enough to change the default port
  • access-list 101 deny tcp any any eq 6346 log  (default BearShare port)
  • Use these snort sigs developed by Dan Clemens to catch BearShare traffic
  • Initial connection
  • File search request
  • File download

12
Defeating FolderShare - 1
  • Block outgoing access to the IP address for the FolderShare and part or all of the AudioGalaxy site (216.166.75.1 for foldershare website, 216.166.75.2 for one of the ssl servers, 216.166.75.8 for the ftp site at audiogalaxy and 216.166.74.3 for the audiogalaxy website) on a PEP router or even perimeter router to catch those trying to access the site to download the tool
  • access-list 101 deny ip any 216.166.75.1 0.0.0.0 log  (FolderShare site)
  • access-list 101 deny ip any 216.166.75.2 0.0.0.0 log  (FolderShare SSL server)
  • access-list 101 deny ip any 216.166.75.8 0.0.0.0 log  (AudioGalaxy FTP Server)
  • access-list 101 deny ip any 216.166.74.3 0.0.0.0 log  (AudioGalaxy site)
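
Added example (not part of the original slides): a small evaluator for the extended ACL entries shown on slides 9 to 12. It demonstrates top-down first-match evaluation, wildcard-mask matching, the implicit deny that ends every list, and why the port entries only catch clients left on the default port. The closing `permit ip any any` and the function names are assumptions made for this illustration.

```python
import ipaddress

# Entries taken from the slides, with the trailing labels dropped.
SLIDE_ACL = [
    "access-list 101 deny ip any 216.248.131.234 0.0.0.0 log",
    "access-list 101 deny tcp any any eq 1214 log",
    "access-list 101 deny tcp any any eq 6346 log",
    "access-list 101 deny ip any 216.166.75.1 0.0.0.0 log",
]
# Assumption added for this example: a closing permit, not shown on the slides.
WITH_PERMIT = SLIDE_ACL + ["access-list 101 permit ip any any"]


def _addr(tok):
    """Consume 'any' or '<ip> <wildcard>' from tok; return (ip, wildcard) ints."""
    if tok[0] == "any":
        del tok[0]
        return 0, 0xFFFFFFFF
    ip, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    del tok[:2]
    return ip, wild


def parse(lines):
    """Turn 'access-list N action proto src dst [eq port] [log]' into tuples."""
    rules = []
    for line in lines:
        tok = line.split()
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = _addr(rest), _addr(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, dport, line))
    return rules


def _hit(addr, spec):
    ip, wild = spec  # wildcard bit 1 = "don't care"; 0.0.0.0 = exact host
    return (int(ipaddress.IPv4Address(addr)) | wild) == (ip | wild)


def evaluate(rules, proto, src, dst, dport=None):
    """Top-down, first match wins; unmatched traffic hits the implicit deny."""
    for action, rproto, rsrc, rdst, rport, line in rules:
        if (rproto in ("ip", proto) and _hit(src, rsrc) and _hit(dst, rdst)
                and rport in (None, dport)):
            return action, line
    return "deny", "(implicit deny ip any any)"
```

Evaluated against the deny-only list, every flow comes back denied because nothing matches before the implicit deny. With the closing permit, TCP to port 1214 is denied while the same peer on any other port is permitted.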

13
Defeating FolderShare - 2
  • Use these snort sigs developed by Dan Clemens to catch FolderShare traffic
  • Initial FTP connection to n170.audiogalaxy.com
  • alert tcp $EXTERNAL_NET 21 -> $HOME_NET any (msg:"filesharefolder ftp connection from FTP STUFF "; flow:to_client; content:"|45 5f 00 15 01 00 0c|"; content:"|01 bb|"; distance:4; within:14; classtype:policy-violation;)
  • Connection to FolderShare on port 8000
  • alert tcp $HOME_NET any -> $EXTERNAL_NET 8000 (msg:"filesharefolder 8000 connection"; flow:to_server; content:"|45 5f 00 07 01 1f 40|"; classtype:policy-violation;)
  • Connection to FolderShare on port 80
  • alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"filesharefolder going to http traffic"; flow:to_server; content:"|45 5f 00 07 01 00|"; classtype:policy-violation;)

14
Oh My! All this file sharing!
  • Files can be shared out by accident
  • Did I mention these can slip through a firewall without notice?

15
Recording Industry Association of America

16
H.R.2517