You'd have to snoop every time a user connects, which could be
scripted. But sooner or later this approach will break other services -
especially FTP and more legit streaming media.
All those people who've blocked Napster by defining it in their DNS had
better get ready for the exciting world of Gnutella...
--
Jack Coates, Rainfinity SE
t: 650-962-5301 m: 650-280-4376
On Fri, 28 Jul 2000 [EMAIL PROTECTED] wrote:
>
> Can anyone suggest a method of adequately testing these port numbers?
>
> -----Original Message-----
> From: Michael Hernandez [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 28, 2000 8:54 AM
> To: 'Michael Tench'; Gijs Wuyts; 'Mike Anning';
> [EMAIL PROTECTED]
> Subject: RE: [FW1] Napster
>
>
>
> Just to add a little more: as Michael Tench said, real world counts, and
> after serving 10 years in the Navy working in NOCs I can say that, besides
> agreeing with his approach, you may also opt for an easier way, meaning set up
> a single rule with your workstation and on the log filter only
> outbound/inbound traffic as you hit Napster. You'll notice Napster will open
> 2 ports initially: one port is a UDP port which queries for a Napster
> server; once found, it then sends another request via TCP (on a different port)
> to establish a connection (<--- this is how others can download from you!).
> Once you see those ports, all you have to do is close those 2 ports and the
> Napster application will be useless!
>
> --Michael H.
>
> -----Original Message-----
> From: Michael Tench [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 28, 2000 8:12 AM
> To: Gijs Wuyts; 'Mike Anning'; [EMAIL PROTECTED]
> Subject: RE: [FW1] Napster
>
>
>
> Instead of worrying about the ports these programs use (some of these
> utilities will use whatever port you have open), I would recommend
> changing your security stance, i.e. I do not allow any workstations on my
> network to have direct outbound access. I only allow a proxy to have
> outbound access through FW1... the proxy can then filter at the application
> layer.
> Additionally, a security policy should be "deny all except what is required";
> that way you are already denying access to various "esoteric" ports.
> I know this wasn't what you asked, but believe me... it will save you a lot of
> heartache at a later date.
>
> Michael Tench
> Yeah, I have a whole lot of alphabet soup after my name too... so what...
> certifications mean nothing. Real world knowledge means everything.
>
> On Fri, 28 Jul 2000 13:42:55 +0200, Gijs Wuyts wrote:
>
> >
> > First posting, so ignore my level of knowledge...
> >
> > Is there a comprehensive resource regarding ports for exotic applications
> > like these?
> > Most protocols I can find via IETF, but e.g. I don't think Napster, etc. are
> > using ports described via RFCs?
> >
> > Gijs
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Mike
> > Anning
> > Sent: Friday, July 28, 2000 10:31 AM
> > To: [EMAIL PROTECTED]
> > Subject: [FW1] Napster
> >
> > So it seems, according to CNN, that the battle is finally won.... but the
> > war is far from over!
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
>
> Michael Tench
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
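
The log-filtering approach and the "deny all except what is required" stance discussed in the thread above, sketched as an added example that is not part of the original messages. The log format, addresses, port numbers and the REQUIRED list are all constructed for illustration and are not FireWall-1 output or any application's real ports.

```python
from collections import Counter

# Constructed sample log, one connection per line (hypothetical format, not
# FireWall-1's own log export): time proto src:sport dst:dport
SAMPLE_LOG = """\
09:00:01 udp 192.0.2.10:1040 198.51.100.5:53
09:00:02 tcp 192.0.2.10:1041 198.51.100.20:80
09:00:07 udp 192.0.2.10:1042 203.0.113.7:40001
09:00:08 tcp 192.0.2.10:1043 203.0.113.9:40002
09:00:09 tcp 192.0.2.10:1044 203.0.113.9:40002
09:00:15 tcp 203.0.113.44:3100 192.0.2.10:40002
09:00:20 tcp 192.0.2.77:1050 198.51.100.20:80
"""

# Services the test workstation is required to reach ("deny all except what
# is required"); the contents of this set are an assumption for the example.
REQUIRED = {("udp", 53), ("tcp", 80), ("tcp", 443)}

def split_endpoint(endpoint):
    """Split 'ip:port' into (ip, int(port))."""
    host, port = endpoint.rsplit(":", 1)
    return host, int(port)

def observed_services(log_text, workstation):
    """Count (direction, proto, service port) for one workstation's traffic."""
    seen = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _, proto, src, dst = fields
        (src_ip, _), (dst_ip, dst_port) = split_endpoint(src), split_endpoint(dst)
        if src_ip == workstation:
            seen[("outbound", proto, dst_port)] += 1
        elif dst_ip == workstation:
            seen[("inbound", proto, dst_port)] += 1
    return seen

def unexpected_services(seen, required=REQUIRED):
    """Services a default-deny policy would drop: every inbound connection,
    plus any outbound (proto, port) that is not on the required list."""
    return sorted(k for k in seen
                  if k[0] == "inbound" or (k[1], k[2]) not in required)

if __name__ == "__main__":
    seen = observed_services(SAMPLE_LOG, "192.0.2.10")
    for direction, proto, port in unexpected_services(seen):
        print(f"{direction:8} {proto}/{port}")
```

Anything the summary lists is traffic the workstation generated or received that no required service accounts for, which is the set a default-deny rule base would already be dropping.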