I know very little about the PIX firewalls, (Though I'd love to learn!)
What we've done at our location is to Block all of the Ip's belonging to
Napster.com, and we scan the users home directories for MP3's at night when
we do the backup. If any are found, the owner of the file is contacted,
Warned that they are in violation of the Microcomputer Standards Agreement,
and give them the opportunity to contribute to the "Buy more Internet
Bandwidth" fund.
(Then we randomly delete files from their PC over the next few weeks
without their knowledge. When it breaks, we blame Napster!)
Wait, no... that's what I wish we could do. Really we just block the
napster.com Ip's.
Good luck
[EMAIL PROTECTED]
----Original Message Follows----
From: "Dorroh, Hunter" <[EMAIL PROTECTED]>
To: 'Ejay Hire' <[EMAIL PROTECTED]>
Subject: RE: Napster Question
Date: Tue, 3 Oct 2000 11:06:33 -0400
Ejay,
Using the PIX 520 would I be able to use content checking i.e. L5-7 and stop
it then? That darn tricky software... we must stop it now :)
Hunter
-----Original Message-----
From: Ejay Hire [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 03, 2000 11:00 AM
To: [EMAIL PROTECTED]
Subject: RE: Napster Question
Napster is a very dynamic piece of software. If you deny incoming
connections on the napster File Transfer ports, but allow established, then
the Napster software inside your network will open a connection for the
transfer and then let the client download. Very sneaky/cool.
----Original Message Follows----
From: "Dorroh, Hunter" <[EMAIL PROTECTED]>
Reply-To: "Dorroh, Hunter" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: Napster Question
Date: Tue, 3 Oct 2000 00:16:48 -0400
Hello everyone,
I searched through the archives and found lots of good information on
blocking but I did not see anything on the possibility of allowing users to
connect to Napster and download music but NOT be permitted to upload. Any
thoughts on how to allow this to happen via PIX or IOS FW? I was thinking
this might limit a company's legal exposure.
Thanks,
Hunter
-----Original Message-----
From: Trevor Corness, CCNA [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 29, 2000 3:49 PM
To: Hal White; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Napster Question
The list went through this several times already.
Blocking ports 4444, 5555, 6666, 7777 is useless.. since Beta6, Napster has
been able to work on ANY port, INCLUDING 80.. so to kill Napster, you would
have to kill all access to http/tcp80.. NOT good. Blocking the IPs is the
best and most thorough solution at this time.
Also, besides blocking the access to the main Napster sites will block most
users, and for those that go around it, there should be a user policy in
place. It is not totally your job to govern what the users do and do not
do.. the users should also be held responsible. Put a political policy in
place, and if it is broken by a user by using something such as opennap,
discipline from management will solve this issue.
Regards,
Trevor Corness, CCNA MCSE MCP+I
Network Systems Engineer, DataCom
BMS Communications Ltd.
http://www.bmscom.com
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Hal White
Sent: Friday, September 29, 2000 11:55 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Napster Question
Blocking these IP addresses will only block users from accessing the main
napster servers and will not block access to other napster servers, such as,
opennap, which can be found easily by using the napigator program. The best
way to block Napster is to block the ports that the client uses which are
4444,5555,6666,7777. Don't quote me on these ports because I can't find my
documentation at the moment, but I think they are right.
Hal
>From: "Fowler, Joey" <[EMAIL PROTECTED]>
>Reply-To: "Fowler, Joey" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: RE: Napster Question
>Date: Fri, 29 Sep 2000 13:15:19 -0400
>
>If you search the archives it has some info on this, but I just
implemented
>it this morning and it seems to working here. If you are using PIX
firewall
>(or any other) create an access list using the outbound and apply
commands
>to block the following addresses:
>
>208.184.216.0 /24
>208.178.167.0 /24
>208.178.163.61
>208.184.175.130
>208.184.175.131
>208.184.175.132
>208.184.175.134
>208.49.239.242
>208.49.239.247
>208.49.239.248
>
>People will start wandering by your desk asking if you've ever heard a
>program called Napster. I personally like to dumb.
>
>Joey
>
>-----Original Message-----
>From: Tom Pruneau [mailto:[EMAIL PROTECTED]]
>Sent: Friday, September 29, 2000 12:29 PM
>To: [EMAIL PROTECTED]
>Subject: Napster Question
>
>
>Greetings Group
>
>Does anyone know what ports Napster usies for handshaking?
>Inbound, outbound port number?
>What would it take to block Napster?
>
>
>Thanks
>
>Tom Pruneau
>Trainer Network Operations
>GENUITY
>3 Van de Graff Drive Burlington Ma. 01803
>24 Hr. Network Operations Center 800-436-8489
>If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri
>
>---------------------------------------------------------------------------
>This email is composed of 82% post consumer recycled data bits
>---------------------------------------------------------------------------
>
>"Once in a while you get shown the light
>in the strangest of places if you look at it right"
>
>**NOTE: New CCNA/CCDA List has been formed. For more information go to
>http://www.groupstudy.com/list/Associates.html
>_________________________________
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
