I would like to use HIPS to try and block p2p traffic on our network. Does anyone have any advice, templates or rules that they have used to block this on their network?
Hi. Thanks for the advice. It seems then that there is no way for HIPS to identify packets or processes associated with p2p behaviour, and therefore it can only really be blocked on an application level. This seems to be a bit messy as there are so many applications for torrenting and DC++. Are there any features in HIPS or any other McAfee software that could identify p2p-like behaviour and block it based on that?
I have to look at applying whichever settings I have on a software/OS level. The environment is a university with around 10k-15k users. Our wired networks are layer 2 but wireless is layer 3 and we have blocked P2P on this level on the wireless. I will see if I can find a list of p2p software which can be blocked and work from there. Perhaps the community here can contribute to improve all our environments. Building the list with software name and MD5 key should be sufficient, I think.