How to block all file sharing with router?

[nas82]

Hi there

I am using Belkin Pre N router. I need to know which ports to block for all file sharing programs. People do not know how to listen when i say do not use file sharing.

I am just not sure which ports to block, please enlighten me on which ones to block.

 

[MetalX]

Try this:

http://www.portforward.com/cports.htm

 

[figgie]

file sharing for Windows

port 137, 138 and 139.

That all that is needed.

 

[neoanderson]

file sharing for Windows

port 137, 138 and 139.

That all that is needed.

i think he meant P2P apps, and not windows file sharing.

Since most P2P apps are able to overide the defualt ports, you will not have much luck there.
considering for downloading, it does not need an open incoming port (a stateful packet inspection will recognize the traffic as part of a requested connection) you will not be able to block downloaders.

the only hope is to use an application layer gateway, or proxy that will allow you to block traffic per application, rather than port.
the belkin router will not do this

 

[MorfiusX]

You are going to need an application layer firewall. ISA 2004 and some of the new Cisco firewalls will as well.

 

[neoanderson]

i think 1 linux box or SBS by itself would be sufficient.
someone running a SOHO router probably doesn;t have the budget for all that you suggest

 

[RavenD]

A linux box running IPCop with the P2PBlock addon would do the trick.

 

[Malk-a-mite]

Clarkconnect also has a firewall addon for P2P traffic.

I believe the original software is here:
http://ipp2p.org/

Does IPP2P match every P2P packet?
No, IPP2P identifies certain packets containing P2P commands. It depends on the P2P network wich and how many packets are matched by IPP2P. Download commands are identified for example. If one drops these packets no P2P download for this network will work anymore. On the other hand one could use this identified packet to classify the whole connection and slowing P2P downloads to a give rate using traffic shaping. So we don't identify all packets but some important ones wich gives us the possibility to handle P2P traffic as we wish to.