It's probably easiest to create policies & procedures regarding P2P transfer and then, rather than block it and have the traffic bounce to another port, simply rate limit the traffic on a border router to something where users won't use it because it is too slow.

Todd

--
| -----Original Message-----
| From: [EMAIL PROTECTED] [mailto:full-disclosure-
| [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
| Sent: Monday, September 15, 2003 2:56 PM
| To: Dimitri Limanovski; Johnson, Mark
| Cc: [EMAIL PROTECTED]
| Subject: Re: [Full-Disclosure] Blocking Music Sharing.
|
| That won't always work.
| I don't know enough about the inner workings of Limewire
| and such but I know that AIM has a mechanism to go out over
| any well known port such as 53 or 21...I'm sure the makers
| of P2P have incorporated similar features into their
| designs.
|
| The only advice I can give is to monitor the traffic
| utilizing Snort, create AUPs for employees, and take steps
| against them if they violate it.
|
| Someone else out there may have a better idea, but if IM
| can do it, I'm sure these programs can take any outbound
| path they want...
|
| Scott Renna
| Symantec Managed Security Services
|
| On Mon, 15 Sep 2003 13:42:03 -0400
| "Dimitri Limanovski" <[EMAIL PROTECTED]> wrote:
| >
| > Just block ALL the traffic outbound and allow only necessary ports,
| > like HTTP/S, FTP, SMTP, DNS etc. Requires more work on your end
| > managing the firewall rules but a better practice and protection in
| > the long run.
| >
| > Dimitri
| >
| > "Johnson, Mark" <[EMAIL PROTECTED]>
| > Sent by: [EMAIL PROTECTED].netsys.com
| > 09/15/2003 12:37 PM
| >
| > To: <[EMAIL PROTECTED]>
| > cc:
| > Subject: [Full-Disclosure] Blocking Music Sharing.
| >
| > Due to the legal issues, I am trying to block access to sites like
| > Kazaa and Limewire in the office. If I am not mistaken, these
| > networks can use different ports each time, so there is no way to
| > block it at the firewall. Is this right? And if so, what is the best
| > way to block access to these types of sites?
| >
| > Many thanks,
| > Mark J.
| >
| > _______________________________________________
| > Full-Disclosure - We believe in it.
| > Charter: http://lists.netsys.com/full-disclosure-charter.html