Watching traffic and blocking ports on firewalls is not the right solution. Peer-to-peer apps tend to use an ever-changing variation of hosts and ports. Keeping track of the connections is a time-consuming manual process.
If you want to manage how applications use your WAN bandwidth, you need a PacketShaper. It auto-identifies the applications making it to your WAN and allows you to set policies to guarantee, limit or block the WAN bandwidth used by any class of traffic (sort of an application QoS). It acts on both inbound and outbound traffic, and adds less than 2 msec of latency. It has substantial layer-7 "smarts" to identify (and block or tame) Napster, Gnutella and KaZaa amongst others. Check it out at: http://www.packeteer.com

----- Original Message -----
From: "Daniel Crichton" <[EMAIL PROTECTED]>
To: "Julian Gomez" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, April 10, 2002 11:25 am
Subject: Re: PIX 515

On 10 Apr 2002 at 17:06, Julian Gomez wrote:

> until I'm done doing my thing ;) Question - how do you bolt down Napster
> and its ilk? I thought it uses a range of dynamic ports even tunneling
> through HTTP if it has to.

For the older versions I don't think it would do HTTP tunneling, so I just blocked the ports and server IPs it used. Here's the list of IPs and ports I had blocked back then (in fact still do, although I also run nmap from time to time across the network looking for anything out of the ordinary, although my LAN is now much smaller and everyone knows I keep tabs on what software they have installed!).

208.184.216.0/24:8875
208.178.163.61/32:4444
208.178.163.61/32:5555
208.178.163.61/32:6666
208.178.163.61/32:7777
208.178.163.61/32:8888
208.178.175.0/24:4444
208.178.175.0/24:5555
208.178.175.0/24:6666
208.178.175.0/24:7777
208.178.175.0/24:8888
208.184.216.0/24:4444
208.184.216.0/24:5555
208.184.216.0/24:6666
208.184.216.0/24:7777
208.184.216.0/24:8888
208.49.239.0/24:4444
208.49.239.0/24:5555
208.49.239.0/24:6666
208.49.239.0/24:7777
208.49.239.0/24:8888
0.0.0.0:6699

the last one being all outgoing connections on 6699.

> Is this PIX specific? Having never touched a PIX - I'm blurry at best.

Nope, I just blocked the above, which I found on a site somewhere when digging around for ways to block Napster. If I had to do it again I'd probably run something like Snort, which allows you to look for specific data in the packets to identify Napster (and other apps) no matter what the destination IP or port, and return the packets to close or deny the connection to the local machine; then the responses from the real destination would be ignored as the connection would already be closed. Obviously to do this you would need Snort running on a machine that could see all packets being passed from the inside to the internet, so placing it is fun in a switched network.

Dan

---
D.C. Crichton                  email: [EMAIL PROTECTED]
Senior Systems Analyst         tel: +44 (0)121 706 6000
Computer Manuals Ltd.          fax: +44 (0)121 606 0477
Computer book info on the web: http://computer-manuals.co.uk/
Want to earn money? Join our affiliate network! http://computer-manuals.co.uk/affiliate/

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
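The following is an added example, not code from either poster or the mailing list: it takes the host:port blocklist quoted in Dan's message, parses it into network/port rules (treating `0.0.0.0` as the "any destination host" wildcard he describes), checks constructed connection tuples against it, and renders the rules as PIX 6.x-style extended access-list lines. The ACL name `outbound`, the sample connections and the `to_pix_acl` rendering are my assumptions; the rule list itself is copied from the message. Running it also makes the limitation both posters point at concrete: a client talking to a host that is not on the list, on a port that is not on the list, matches nothing.

```python
"""Parse a CIDR:port blocklist, match connections against it, and emit
PIX-style ACL lines.  Added example; the rules come from the message above,
the connection samples are constructed."""
import ipaddress
from typing import List, Tuple

# Copied from Dan's message.  "0.0.0.0:6699" means any destination host on 6699.
BLOCKLIST_TEXT = """
208.184.216.0/24:8875
208.178.163.61/32:4444
208.178.163.61/32:5555
208.178.163.61/32:6666
208.178.163.61/32:7777
208.178.163.61/32:8888
208.178.175.0/24:4444
208.178.175.0/24:5555
208.178.175.0/24:6666
208.178.175.0/24:7777
208.178.175.0/24:8888
208.184.216.0/24:4444
208.184.216.0/24:5555
208.184.216.0/24:6666
208.184.216.0/24:7777
208.184.216.0/24:8888
208.49.239.0/24:4444
208.49.239.0/24:5555
208.49.239.0/24:6666
208.49.239.0/24:7777
208.49.239.0/24:8888
0.0.0.0:6699
"""

Rule = Tuple[ipaddress.IPv4Network, int]
ANY_HOST = ipaddress.ip_network("0.0.0.0/0")


def parse_rules(text: str) -> List[Rule]:
    """Turn 'network[/prefix]:port' lines into (IPv4Network, port) pairs.
    A bare address gets /32; the 0.0.0.0 host becomes the any-host wildcard."""
    rules: List[Rule] = []
    for token in text.split():
        host, _, port = token.rpartition(":")
        if "/" not in host:
            host += "/32"
        net = ipaddress.ip_network(host, strict=False)
        if net.network_address == ipaddress.ip_address("0.0.0.0"):
            net = ANY_HOST
        rules.append((net, int(port)))
    return rules


def is_blocked(dst_ip: str, dst_port: int, rules: List[Rule]) -> bool:
    """True if the destination matches any (network, port) rule."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net and dst_port == port for net, port in rules)


def to_pix_acl(rules: List[Rule], acl_name: str = "outbound") -> List[str]:
    """Render rules as PIX 6.x extended access-list lines (assumed syntax:
    'any' for the wildcard, 'host A' for /32, 'A MASK' otherwise)."""
    lines = []
    for net, port in rules:
        if net.prefixlen == 0:
            dst = "any"
        elif net.prefixlen == 32:
            dst = f"host {net.network_address}"
        else:
            dst = f"{net.network_address} {net.netmask}"
        lines.append(f"access-list {acl_name} deny tcp any {dst} eq {port}")
    return lines


def classify(samples, rules: List[Rule]):
    """Return [(ip, port, blocked)] for a list of constructed connections."""
    return [(ip, port, is_blocked(ip, port, rules)) for ip, port in samples]


if __name__ == "__main__":
    rules = parse_rules(BLOCKLIST_TEXT)
    # Constructed sample connections: two on the list, one wildcard-port hit,
    # and one to an unlisted host on an unlisted port (slips through).
    samples = [("208.178.163.61", 4444), ("208.184.216.77", 8875),
               ("192.0.2.10", 6699), ("198.51.100.9", 31337)]
    for ip, port, blocked in classify(samples, rules):
        print(f"{ip}:{port:<6} {'BLOCKED' if blocked else 'allowed'}")
    print()
    print("\n".join(to_pix_acl(rules)))
```

The last sample line is the point of the thread: a static host/port list only stops connections to the endpoints you knew about when you wrote it, which is why Dan mentions signature-based inspection (Snort) and the reply above argues for application classification instead.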
