Hi

You can try this. I used to block them at my old company, and these are the
notes I wrote... some might have changed, however... Good luck...

App: WinMX
This package is Napster-like and requires a central site to enable file
sharing. Blocking this site prevents its use.

-Deny traffic from source: 209.61.186.0/24
-Deny traffic to destination: 209.61.186.0/24
-Deny traffic from source: 64.49.201.0/24
-Deny traffic to destination: 64.49.201.0/24

App: AudioGalaxy Satellite
This package uses higher ports to search AudioGalaxy Satellite servers
and FTP (TCP 21 and TCP 20) to perform the actual file transfers. Also
blocking the AudioGalaxy netblock should help. Completely denying FTP
will prevent this service as well.

-Deny traffic to destination: 0.0.0.0/0 TCP 41000-42000
-Deny traffic from source: 0.0.0.0/0 TCP 41000-42000
-Deny traffic to destination: 0.0.0.0/0 UDP 41000-42000
-Deny traffic from source: 0.0.0.0/0 UDP 41000-42000
-Deny traffic to destination: 64.245.58.0/23

App: Napigator
Napster-like tool; requires a central site to function. Blocking the
central site blocks Napigator.

-Deny traffic to destination: 209.25.178.0/24
-Deny traffic from source: 209.25.178.0/24

App: Freenet
The only effective way to catch this type of traffic is watching the
header traffic for telltales. Many packetfilters allow searching the
first packet of a stream for string matches. Generally speaking, the
implementation of this kind of filter is outside of the scope of a
simple HOW-TO doc. The protocol is built from the ground up to not rely
on any specific port. For more information refer to
http://freenetproject.org.


App: Napster
Block access to the Napster central netblocks (these could change
periodically); this prevents Napster use:

-Deny traffic to destination: 64.124.41.0/24
-Deny traffic from source: 64.124.41.0/24
Block access to peer file shares, only filter default ports. This could
break some internet usage (very doubtful) but would prevent Napster
usage if the above netblock were to change to another set of addresses.

-Deny traffic to destination: 0.0.0.0/0 TCP 6699
-Deny traffic from source: 0.0.0.0/0 TCP 6699
-Deny traffic to destination: 0.0.0.0/0 UDP 6699
-Deny traffic from source: 0.0.0.0/0 UDP 6699

App: Aimster
Blocking Aimster requires blocking AOL Instant Messenger (AIM). AIM is
getting harder to block without the use of a filter or proxy that looks
at TCP 80 (Web) traffic and verifies that in fact only HTTP traffic is
passing on this port. Using the following filters makes AIM (and Aimster)
much harder to use.

Block client ICQ/AIM traffic
-Deny traffic to destination: 0.0.0.0/0 TCP 5190
-Deny traffic from source: 0.0.0.0/0 TCP 5190
-Deny traffic to destination: 0.0.0.0/0 UDP 5190
-Deny traffic from source: 0.0.0.0/0 UDP 5190
Since AIM can also use TCP 13, 23, 80, 113, and others, it might be best
to blocklist AOL sites altogether or only allow DNS lookups. This
solution pretty much breaks AOL access from within, so use carefully. The
best solution is outlined above: filter TCP 5190 and UDP 5190, as well as
use filters or proxies that don't allow non-HTTP traffic to use TCP 80.

-Deny traffic to destination: 205.188.0.0/16 TCP 53 from Internal-DNS-box
-Deny traffic from source: 205.188.0.0/16 TCP 53 from Internal-DNS-box

App: iMesh
Blocking access to the iMesh central server breaks iMesh.

-Deny traffic to destination: 216.35.208.0/24
-Deny traffic from source: 216.35.208.0/24

App: eDonkey
Block clients connecting to the server

-Deny traffic to destination: 0.0.0.0/0 TCP 4661
-Deny traffic from source: 0.0.0.0/0 TCP 4661
-Deny traffic to destination: 0.0.0.0/0 UDP 4665
-Deny traffic from source: 0.0.0.0/0 UDP 4665
Block clients connecting to each other

-Deny traffic to destination: 0.0.0.0/0 TCP 4662
-Deny traffic from source: 0.0.0.0/0 TCP 4662

App: Gnutella (also BearShare, ToadNode, Limewire, Gnucleus, and others)
When left at the default settings, Gnutella can be blocked as follows.

Block clients connecting to each other

-Deny traffic to destination: 0.0.0.0/0 TCP 6345-6349
-Deny traffic from source: 0.0.0.0/0 TCP 6345-6349
-Deny traffic to destination: 0.0.0.0/0 UDP 6345-6349
-Deny traffic from source: 0.0.0.0/0 UDP 6345-6349

App: Kazaa and Morpheus
Block clients connecting to each other and the application is broken.

-Deny traffic to destination: 0.0.0.0/0 TCP 1214
-Deny traffic from source: 0.0.0.0/0 TCP 1214
-Deny traffic to destination: 0.0.0.0/0 UDP 1214
-Deny traffic from source: 0.0.0.0/0 UDP 1214



-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of Adriano Dias Leite
Sent: 15 January 2004 14:25
To: [EMAIL PROTECTED]
Subject: [FW-1] how to block Kazaa and peer to peer applications

Hi all,
Does anybody know how to block Kazaa, eMule, and this kind of application
using Checkpoint Firewall-1 NG FP3?

Thank you!



Adriano Dias
Security Analyst
3457-2205
9647-3919


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
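The notes above express every block as a "-Deny traffic to destination/from source: NET [PROTO PORT[-PORT]]" line. The following is an added example, not code from the post or from Check Point, that parses lines in that exact form, evaluates them against constructed flow records (useful for checking what a proposed rule set would and would not catch before deploying it), and renders each rule as an iptables command. Assumptions: the port in a rule applies to the side named by the rule (destination port for "to destination", source port for "from source"), first matching rule wins, and 0.0.0.0/0 means "any address". The sample flows use documentation address space and are constructed, not observed traffic.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Grammar of the rule lines as written in the post.
RULE_RE = re.compile(
    r"^-Deny traffic (to destination|from source):\s*(\S+)"
    r"(?:\s+(TCP|UDP)\s+(\d+)(?:-(\d+))?)?\s*$"
)


@dataclass(frozen=True)
class DenyRule:
    side: str                         # "dst" (to destination) or "src" (from source)
    network: ipaddress.IPv4Network
    proto: Optional[str]              # "TCP", "UDP" or None for any protocol
    ports: Optional[Tuple[int, int]]  # inclusive range, None for any port


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


def parse_rule(line: str) -> DenyRule:
    """Turn one '-Deny traffic ...' line into a DenyRule."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    side_txt, net, proto, lo, hi = m.groups()
    ports = (int(lo), int(hi or lo)) if lo else None
    return DenyRule(
        side="dst" if side_txt == "to destination" else "src",
        network=ipaddress.ip_network(net, strict=False),
        proto=proto,
        ports=ports,
    )


def matches(rule: DenyRule, flow: Flow) -> bool:
    """Assumption: the rule's port constrains the port on the side it names."""
    addr = flow.dst if rule.side == "dst" else flow.src
    port = flow.dport if rule.side == "dst" else flow.sport
    if ipaddress.ip_address(addr) not in rule.network:
        return False
    if rule.proto and rule.proto != flow.proto:
        return False
    if rule.ports and not (rule.ports[0] <= port <= rule.ports[1]):
        return False
    return True


def first_match(rules: List[DenyRule], flow: Flow) -> Optional[DenyRule]:
    """First-match-wins evaluation; None means the flow would be allowed."""
    for rule in rules:
        if matches(rule, flow):
            return rule
    return None


def to_iptables(rule: DenyRule, chain: str = "FORWARD") -> str:
    """Render a rule as an iptables command (hypothetical target platform)."""
    parts = ["iptables", "-A", chain]
    if rule.network.prefixlen:  # 0.0.0.0/0 is "any": no address match needed
        parts += ["-d" if rule.side == "dst" else "-s", str(rule.network)]
    if rule.proto:
        parts += ["-p", rule.proto.lower()]
        if rule.ports:
            lo, hi = rule.ports
            flag = "--dport" if rule.side == "dst" else "--sport"
            parts += [flag, str(lo) if lo == hi else f"{lo}:{hi}"]
    parts += ["-j", "DROP"]
    return " ".join(parts)


# Rules copied from the post (Napster netblock and default port, Kazaa, AudioGalaxy UDP range).
PAGE_RULES = [
    "-Deny traffic to destination: 64.124.41.0/24",
    "-Deny traffic from source: 64.124.41.0/24",
    "-Deny traffic to destination: 0.0.0.0/0 TCP 6699",
    "-Deny traffic from source: 0.0.0.0/0 TCP 6699",
    "-Deny traffic to destination: 0.0.0.0/0 TCP 1214",
    "-Deny traffic to destination: 0.0.0.0/0 UDP 41000-42000",
]

# Constructed sample flows: a client inside 10.0.0.0/8 talking to outside hosts.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 51000, "64.124.41.20", 8888, "TCP"),    # Napster netblock: denied
    Flow("10.0.0.5", 51001, "198.51.100.10", 6699, "TCP"),   # default peer port: denied
    Flow("10.0.0.5", 51002, "198.51.100.10", 41500, "UDP"),  # inside 41000-42000: denied
    Flow("10.0.0.5", 51003, "198.51.100.10", 8080, "TCP"),   # peer on a non-default port: allowed
]


def evaluate(rules: List[DenyRule], flows: List[Flow]) -> List[Tuple[Flow, Optional[DenyRule]]]:
    return [(flow, first_match(rules, flow)) for flow in flows]


if __name__ == "__main__":
    rules = [parse_rule(line) for line in PAGE_RULES]
    for flow, hit in evaluate(rules, SAMPLE_FLOWS):
        verdict = f"DENY by {to_iptables(hit)}" if hit else "ALLOW (no rule matched)"
        print(f"{flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}/{flow.proto}: {verdict}")
```

The last sample flow is the point the notes keep making: port-based rules only hold while clients stay on their default ports, so the allowed 8080 flow is exactly the gap the author's "filter the netblock as well" advice is meant to close.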
