On 10 Apr 2002 at 17:06, Julian Gomez wrote: > until I'm done doing my thing ;) Question - how do you bolt down Napster > and its ilk ? I thought it uses a range of dynamic ports even tunneling > through HTTP if it has to.
For the older versions I don't think it would do HTTP tunneling, so I just blocked the ports and server IPs it used. Here's the list of IPs and ports I had blocked back then (in fact still do, although I also run nmap from time to time across the network looking for anything out of the ordinary, although my LAN is now much smaller and everyone knows I keep tabs on what software they have installed!). 208.184.216.0/24:8875 208.178.163.61/32:4444 208.178.163.61/32:5555 208.178.163.61/32:6666 208.178.163.61/32:7777 208.178.163.61/32:8888 208.178.175.0/24:4444 208.178.175.0/24:5555 208.178.175.0/24:6666 208.178.175.0/24:7777 208.178.175.0/24:8888 208.184.216.0/24:4444 208.184.216.0/24:5555 208.184.216.0/24:6666 208.184.216.0/24:7777 208.184.216.0/24:8888 208.49.239.0/24:4444 208.49.239.0/24:5555 208.49.239.0/24:6666 208.49.239.0/24:7777 208.49.239.0/24:8888 0.0.0.0:6699 the last one being all outgoing connections on 6699. > Is this PIX specific ? Having never touched a PIX - I'm blurry at best. Nope, I just blocked the above which I found on a site somewhere when digging around for ways to block Napster. If I had to do it again I'd probably run something like Snort which allows you to look for specific data in the packets to identify Napster (and other apps) no matter what the destination IP or port and return the packets to close or deny the connection to the local machine, then the responses from the real destination would be ignored as the connection would already be closed. Obviously to do this you would need Snort running on a machine that could see all packets being passed from the inside to the internet so placing it is fun in a switched network. Dan --- D.C. Crichton email: [EMAIL PROTECTED] Senior Systems Analyst tel: +44 (0)121 706 6000 Computer Manuals Ltd. fax: +44 (0)121 606 0477 Computer book info on the web: http://computer-manuals.co.uk/ Want to earn money? Join our affiliate network! http://computer-manuals.co.uk/affiliate/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
