One minor miracle, coming up...
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Frank Darden <[EMAIL PROTECTED]> 07/28/00 01:46PM >>>
>
>Blocking Napster is going to be moot as of midnight tonight, unless a
>miracle happens. Napster will be shutting down at Midnight tonite..
>
>-----Original Message-----
>From: Michael Hernandez [mailto:[EMAIL PROTECTED]]
>Sent: Friday, July 28, 2000 12:22 PM
>To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
>Subject: RE: [FW1] Napster
>
>Use Client Auth with specific and then enter the port to test it..
>
>--Michael
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>Sent: Friday, July 28, 2000 10:02 AM
>To: [EMAIL PROTECTED]
>Subject: RE: [FW1] Napster
>
>Can anyone suggest method of adequately testing these port numbers?
>
>-----Original Message-----
>From: Michael Hernandez [mailto:[EMAIL PROTECTED]]
>Sent: Friday, July 28, 2000 8:54 AM
>To: 'Michael Tench'; Gijs Wuyts; 'Mike Anning';
>[EMAIL PROTECTED]
>Subject: RE: [FW1] Napster
>
>Just to add a little more, as Michael Tench said real world counts, and
>after serving 10 years in the Navy working in NOC's I can say that besides
>agreeing with his approach you may also opt for an easier way, meaning setup
>a single rule with your workstation and on the log filter only
>outbound/inbound traffic as you hit napster, you'll notice napster will open
>2 ports initially, one port is a UDP port which queries for a napster
>server, once found then send another request via TCP (on a different port)
>to establish a connection (<--- this is how others can download from you!).
>Once you see those ports, all you have to do is close those 2 ports and the
>napster application will be useless!.
>
>--Michael H.
>
>-----Original Message-----
>From: Michael Tench [mailto:[EMAIL PROTECTED]]
>Sent: Friday, July 28, 2000 8:12 AM
>To: Gijs Wuyts; 'Mike Anning'; [EMAIL PROTECTED]
>Subject: RE: [FW1] Napster
>
>Instead of worrying about the ports these programs use (some of these
>utilities will use what ever port you have open), I would reccommend
>changing your security stance. I.E....I do not allow any workstations on my
>network to have direct outbound access. I only allow a proxy to have
>outbound access through FW1...the proxy can then filter at the application
>layer.
>Additionally, a security policy should be "deny all except what is required"
>that way you are already denying access to various "esoteric" ports.
>I know this wasn't what you asked, but believe me...it will save you alot of
>heartache at a later date.
>
>Michael Tench
>Yeah I have a whole lot of alphabet soup after my name too...so what..
>certifications mean nothing. Real world knowledge mean everything.
>
>On Fri, 28 Jul 2000 13:42:55 +0200, Gijs Wuyts wrote:
>
>>
>> First posting, so ignore my level of knowledge...
>>
>> Is there a comprehensive resources regarding ports for exotic
>applications
>> like these.
>> Most protocols I can find via ietf, but e.g. I don't think Napster, etc
>are
>> using ports described via RFC's?
>>
>> Gijs
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of Mike
>> Anning
>> Sent: Friday, July 28, 2000 10:31 AM
>> To: [EMAIL PROTECTED]
>> Subject: [FW1] Napster
>>
>>
>> So it seems, according to CNN, that the battle is finally won.... but the
>> war is
>> far from over!
>>
>>
>
>Michael Tench
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
