Blocking Napster is going to be moot as of midnight tonight, unless a
miracle happens. Napster will be shutting down at Midnight tonite..
-----Original Message-----
From: Michael Hernandez [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 28, 2000 12:22 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: [FW1] Napster
Use Client Auth with specific and then enter the port to test it..
--Michael
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 28, 2000 10:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [FW1] Napster
Can anyone suggest method of adequately testing these port numbers?
-----Original Message-----
From: Michael Hernandez [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 28, 2000 8:54 AM
To: 'Michael Tench'; Gijs Wuyts; 'Mike Anning';
[EMAIL PROTECTED]
Subject: RE: [FW1] Napster
Just to add a little more, as Michael Tench said real world counts, and
after serving 10 years in the Navy working in NOC's I can say that besides
agreeing with his approach you may also opt for an easier way, meaning setup
a single rule with your workstation and on the log filter only
outbound/inbound traffic as you hit napster, you'll notice napster will open
2 ports initially, one port is a UDP port which queries for a napster
server, once found then send another request via TCP (on a different port)
to establish a connection (<--- this is how others can download from you!).
Once you see those ports, all you have to do is close those 2 ports and the
napster application will be useless!.
--Michael H.
-----Original Message-----
From: Michael Tench [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 28, 2000 8:12 AM
To: Gijs Wuyts; 'Mike Anning'; [EMAIL PROTECTED]
Subject: RE: [FW1] Napster
Instead of worrying about the ports these programs use (some of these
utilities will use what ever port you have open), I would reccommend
changing your security stance. I.E....I do not allow any workstations on my
network to have direct outbound access. I only allow a proxy to have
outbound access through FW1...the proxy can then filter at the application
layer.
Additionally, a security policy should be "deny all except what is required"
that way you are already denying access to various "esoteric" ports.
I know this wasn't what you asked, but believe me...it will save you alot of
heartache at a later date.
Michael Tench
Yeah I have a whole lot of alphabet soup after my name too...so what..
certifications mean nothing. Real world knowledge mean everything.
On Fri, 28 Jul 2000 13:42:55 +0200, Gijs Wuyts wrote:
>
> First posting, so ignore my level of knowledge...
>
> Is there a comprehensive resources regarding ports for exotic
applications
> like these.
> Most protocols I can find via ietf, but e.g. I don't think Napster, etc
are
> using ports described via RFC's?
>
> Gijs
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Mike
> Anning
> Sent: Friday, July 28, 2000 10:31 AM
> To: [EMAIL PROTECTED]
> Subject: [FW1] Napster
>
>
>
>
>
> So it seems, according to CNN, that the battle is finally won.... but the
> war is
> far from over!
>
>
----------------------------------------------------------------------------
> -----
> DISCLAIMER:
> This E-mail is strictly confidential and intended solely for the
addressee.
> It may contain information that is covered by legal, professional or
other
> privilege. If you are not the intended addressee you must not use,
disclose
> or
> copy this transmission.
>
> This E-mail is not intended to impose nor shall it be construed as
imposing
> any
> legally binding obligation upon CHEP and/or any of its subsidiaries or
> associated companies.
>
> Neither CHEP nor any of its subsidiaries or associated companies gives
any
> representation or warranty as to the accuracy or completeness of the
> contents of
> this E-mail.
>
> CHEP shall not be held liable to any person resulting from the use of any
> information contained in this E-mail and shall not be liable to any
person
> who
> acts or omits to do anything in reliance upon it.
>
>
>
>
>
============================================================================
> ====
> To unsubscribe from this mailing list, please see the instructions
at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
>
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions
at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
Michael Tench
_______________________________________________________
Say Bye to Slow Internet!
http://www.home.com/xinbox/signup.html
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
