On 23 Nov 2000, at 10:21, Robert Olsson wrote:

> Why don't you just block the TCP-ports used by Napster? Denying traffic
> to/from ports 6699 and 8888 ought to do the trick. Or?

Not sure if Napster is the same as Gnutella but we've just had a case here 
where someone was running both and as we blocked ports both apps 
changed theirs to compensate. Over 2 days his machine transferred over 
700Mb of data and he said he thought he'd disabled them, so if he meant 
that he wasn't downloading files then masses of data was pulled off his 
machine without his knowledge through our firewall. These apps are a real 
nightmare for security admins - we're now going to run a full audit of all 
software on all machines in the company and we've built some custom 
programs to parse the firewall logs looking for possible connections using 
Napster and Gnutella so we can flag them down quickly. Anyone got any 
recommendations on a good IDS tool that runs on NT/2000 (no *nix here!) 
that can be set up to spot packet signatures for Napster and Gnutella?

Dan

---
D.C. Crichton                 email: [EMAIL PROTECTED]
Senior Systems Analyst        tel:   +44 (0)121 706 6000
Computer Manuals Ltd.         fax:   +44 (0)121 606 0477

Computer book info on the web:
   http://computer-manuals.co.uk/
Want to earn money? Join our affiliate network!
   http://computer-manuals.co.uk/affiliate/


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
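The log-parsing approach mentioned in the message above, as an added example that is not part of the original post and is not the poster's program. It treats the two ports named in the thread as a hint only and also scores hosts on outbound volume and peer count, since the post reports the clients changed ports once blocked. The log format, the internal address range and both thresholds are assumptions, and the log lines are constructed sample data.

```python
import csv
import io
import ipaddress
from collections import defaultdict

HINT_PORTS = {6699, 8888}         # ports named in the thread; a hint only
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: internal range
MAX_BYTES_OUT = 50 * 1024 * 1024  # assumption: per-host outbound budget
MAX_PEERS = 5                     # assumption: distinct external peers

# Constructed sample: time,action,src,sport,dst,dport,bytes_fwd,bytes_rev
SAMPLE_LOG = """\
2000-11-22T09:01:10,DENY,10.0.0.23,1201,192.0.2.10,8888,0,0
2000-11-22T09:01:12,DENY,10.0.0.23,1202,192.0.2.11,6699,0,0
2000-11-22T09:02:40,ALLOW,10.0.0.23,1210,192.0.2.12,7301,12000000,4000
2000-11-22T09:05:02,ALLOW,10.0.0.23,1211,198.51.100.7,7301,12000000,4000
2000-11-22T09:09:31,ALLOW,203.0.113.5,3301,10.0.0.23,7302,3000,12000000
2000-11-22T09:14:18,ALLOW,10.0.0.23,1213,203.0.113.9,7301,12000000,4000
2000-11-22T09:20:55,ALLOW,198.51.100.8,2207,10.0.0.23,7302,3000,12000000
2000-11-22T09:02:00,ALLOW,10.0.0.40,1500,192.0.2.80,80,900,45000
2000-11-22T09:30:00,ALLOW,10.0.0.51,1600,192.0.2.90,8080,2000,30000
"""

def flag_hosts(log_text):
    """Return {internal_ip: [reasons]} for hosts behaving like file-sharing nodes."""
    out_bytes, peers, hints = defaultdict(int), defaultdict(set), defaultdict(set)
    for _t, action, src, sport, dst, dport, fwd, rev in csv.reader(io.StringIO(log_text)):
        src_in = ipaddress.ip_address(src) in INTERNAL
        if src_in == (ipaddress.ip_address(dst) in INTERNAL):
            continue  # internal-to-internal or external-to-external
        host, peer = (src, dst) if src_in else (dst, src)
        # Denied attempts count too: they show the client is installed.
        hints[host] |= {int(sport), int(dport)} & HINT_PORTS
        # Port-independent signals, taken from allowed flows to high ports.
        if action == "ALLOW" and int(dport) > 1023:
            out_bytes[host] += int(fwd) if src_in else int(rev)
            peers[host].add(peer)
    flagged = {}
    for host in sorted(hints):  # hints has an entry for every host seen
        checks = [
            (bool(hints[host]), f"hint ports {sorted(hints[host])}"),
            (out_bytes[host] > MAX_BYTES_OUT, f"{out_bytes[host]} bytes sent out"),
            (len(peers[host]) >= MAX_PEERS, f"{len(peers[host])} external peers"),
        ]
        reasons = [msg for hit, msg in checks if hit]
        if reasons:
            flagged[host] = reasons
    return flagged

if __name__ == "__main__": print(flag_hosts(SAMPLE_LOG))
```
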
