Re: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1629]
Just a note, that people can shoose other ports to get to the AIM services. Kevin O'Gilvie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Before I ask this question I would like to give something back, below is the config to block aim and napster: access-list acl_out deny tcp any any eq 5190 access-list acl_out deny tcp any any eq 8875 access-list acl_out deny tcp any any eq access-list acl_out deny tcp any any eq 6699 access-list acl_out deny tcp any any eq access-group acl_out in interface inside access-list acl_out permit tcp any any access-list acl_out permit ip any any Now I would like to setup a Tacus+ or Radius Server on My network I have a widows 2000 domain and I am unsure of how to do this. Please advise. TIA, Kevin _ Get your FREE download of MSN Explorer at http://explorer.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1629t=1629 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1639]
This has actually come up again in the discussion. If u want to block AIM outgoing from ur network, u should try to block the IP Addresses of the login server of AIM which is login.oscar.aol.com The AIM App is designed to scan for ports other than 5190 to login to the server, so port blocking will not work always. Sincerely, KEYUR LAVINGIA Network Engineer Peak XV Networks San Ramon, CA 94583. W - 925.242.7492 C - 925.699.8855 [EMAIL PROTECTED] www.peakxv.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, April 23, 2001 11:12 AM To: [EMAIL PROTECTED] Subject: Re: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1629] Just a note, that people can shoose other ports to get to the AIM services. Kevin O'Gilvie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Before I ask this question I would like to give something back, below is the config to block aim and napster: access-list acl_out deny tcp any any eq 5190 access-list acl_out deny tcp any any eq 8875 access-list acl_out deny tcp any any eq access-list acl_out deny tcp any any eq 6699 access-list acl_out deny tcp any any eq access-group acl_out in interface inside access-list acl_out permit tcp any any access-list acl_out permit ip any any Now I would like to setup a Tacus+ or Radius Server on My network I have a widows 2000 domain and I am unsure of how to do this. Please advise. TIA, Kevin _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1639t=1639 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1650]
Check out this article http://www.networkmagazine.com/article/NMG20010319S0002 Instead of creating extended ACLs they set up a server running CheckPoint software. It filters files by their type and sets priorities on them, so you can set up the lowest priority for mp3 files. Anyway check out the article, you might find it useful. -- Kind regards, Alexander N. Khramov, CCNA Student Technical Consultant NSU, Computing and Telecommunications [EMAIL PROTECTED] Keyur Lavingia wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... This has actually come up again in the discussion. If u want to block AIM outgoing from ur network, u should try to block the IP Addresses of the login server of AIM which is login.oscar.aol.com The AIM App is designed to scan for ports other than 5190 to login to the server, so port blocking will not work always. Sincerely, KEYUR LAVINGIA Network Engineer Peak XV Networks San Ramon, CA 94583. W - 925.242.7492 C - 925.699.8855 [EMAIL PROTECTED] www.peakxv.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, April 23, 2001 11:12 AM To: [EMAIL PROTECTED] Subject: Re: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1629] Just a note, that people can shoose other ports to get to the AIM services. Kevin O'Gilvie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Before I ask this question I would like to give something back, below is the config to block aim and napster: access-list acl_out deny tcp any any eq 5190 access-list acl_out deny tcp any any eq 8875 access-list acl_out deny tcp any any eq access-list acl_out deny tcp any any eq 6699 access-list acl_out deny tcp any any eq access-group acl_out in interface inside access-list acl_out permit tcp any any access-list acl_out permit ip any any Now I would like to setup a Tacus+ or Radius Server on My network I have a widows 2000 domain and I am unsure of how to do this. Please advise. TIA, Kevin _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1650t=1650 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1654]
Indeed this has come up regularly. I remain skeptical that placing the burden for enforcing policy such as this lies with the firewall and the firewall administrators. OK, so you block Napster and AOL. Now then, what about E-trade? Yahoo? Merrill Lynch, Dilbert.com? not to mention the various picture sites that so many disapprove of. How about all the radio stations people are listening to over the net? Now, what happens when some person or business unit has a good business reason for accessing AOL or other sights that you are blocking on your firewall? I'm talking to the wind, I suppose, but my first question when this topic comes up, is what is the written policy regarding internet access? the second question is will management pay for what it requires to accomplish this policy? But relying on port blocking, or address blocking, or domain name blocking, on a case by case basis seems a bit shortsighted. JMHO Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Keyur Lavingia Sent: Monday, April 23, 2001 12:41 PM To: [EMAIL PROTECTED] Subject:RE: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1639] This has actually come up again in the discussion. If u want to block AIM outgoing from ur network, u should try to block the IP Addresses of the login server of AIM which is login.oscar.aol.com The AIM App is designed to scan for ports other than 5190 to login to the server, so port blocking will not work always. Sincerely, KEYUR LAVINGIA Network Engineer Peak XV Networks San Ramon, CA 94583. W - 925.242.7492 C - 925.699.8855 [EMAIL PROTECTED] www.peakxv.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, April 23, 2001 11:12 AM To: [EMAIL PROTECTED] Subject: Re: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1629] Just a note, that people can shoose other ports to get to the AIM services. Kevin O'Gilvie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Before I ask this question I would like to give something back, below is the config to block aim and napster: access-list acl_out deny tcp any any eq 5190 access-list acl_out deny tcp any any eq 8875 access-list acl_out deny tcp any any eq access-list acl_out deny tcp any any eq 6699 access-list acl_out deny tcp any any eq access-group acl_out in interface inside access-list acl_out permit tcp any any access-list acl_out permit ip any any Now I would like to setup a Tacus+ or Radius Server on My network I have a widows 2000 domain and I am unsure of how to do this. Please advise. TIA, Kevin _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1654t=1654 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1670]
Ditto. Get a written policy established first, and unless you're dealing with schoolage kids, a few rumors spread about the internet access being logged should deter most (and syslogging isn't that hard). The rest, well their managers can deal with when presented with the logs. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Chuck Larrieu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Indeed this has come up regularly. I remain skeptical that placing the burden for enforcing policy such as this lies with the firewall and the firewall administrators. OK, so you block Napster and AOL. Now then, what about E-trade? Yahoo? Merrill Lynch, Dilbert.com? not to mention the various picture sites that so many disapprove of. How about all the radio stations people are listening to over the net? Now, what happens when some person or business unit has a good business reason for accessing AOL or other sights that you are blocking on your firewall? I'm talking to the wind, I suppose, but my first question when this topic comes up, is what is the written policy regarding internet access? the second question is will management pay for what it requires to accomplish this policy? But relying on port blocking, or address blocking, or domain name blocking, on a case by case basis seems a bit shortsighted. JMHO Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Keyur Lavingia Sent: Monday, April 23, 2001 12:41 PM To: [EMAIL PROTECTED] Subject: RE: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1639] This has actually come up again in the discussion. If u want to block AIM outgoing from ur network, u should try to block the IP Addresses of the login server of AIM which is login.oscar.aol.com The AIM App is designed to scan for ports other than 5190 to login to the server, so port blocking will not work always. Sincerely, KEYUR LAVINGIA Network Engineer Peak XV Networks San Ramon, CA 94583. W - 925.242.7492 C - 925.699.8855 [EMAIL PROTECTED] www.peakxv.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, April 23, 2001 11:12 AM To: [EMAIL PROTECTED] Subject: Re: Blocking Napster and Aol on Pix config/Setting up Tacus or [7:1629] Just a note, that people can shoose other ports to get to the AIM services. Kevin O'Gilvie wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Before I ask this question I would like to give something back, below is the config to block aim and napster: access-list acl_out deny tcp any any eq 5190 access-list acl_out deny tcp any any eq 8875 access-list acl_out deny tcp any any eq access-list acl_out deny tcp any any eq 6699 access-list acl_out deny tcp any any eq access-group acl_out in interface inside access-list acl_out permit tcp any any access-list acl_out permit ip any any Now I would like to setup a Tacus+ or Radius Server on My network I have a widows 2000 domain and I am unsure of how to do this. Please advise. TIA, Kevin _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1670t=1670 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Blocking Napster and Aol on Pix config/Setting up Tacus or Radius
Kevin, While the port-blocking access-lists will work for most users, many users and applications will know to use alternate ports to gain connectivity. AIM, for example, uses port 5190 by default, though you can simply change it to port 80, if so desired. Same thing for Napster. The best, and maybe only, solution is to block the url or the IP range the servers are in. We're blocking the IP range for Napster (don't recall what it is off the top of my head) and it works like a charm. We currently do not block AIM, but you can probably simply block login.oscar.aol.com. As far as RADIUS TACACS, you'll probably have a hard time finding a shareware/freeware version of TACACS for NT, though RADIUS seems to be somewhat more available. Cisco has their ACS product, which does TACACS RADIUS, and runs on NT/2000. It's real easy to setup (about 30 mins from setup.exe to TACACS logins). I'd check the search engines for 'shareware /or freeware RADIUS'. If you really want TACACS, and are on a budget, you might want to check out some of the freeware Linux versions, there are many. Of course, you'd need to setup a Linux box. HTH Bob Before I ask this question I would like to give something back, below is the config to block aim and napster: access-list acl_out deny tcp any any eq 5190 access-list acl_out deny tcp any any eq 8875 access-list acl_out deny tcp any any eq access-list acl_out deny tcp any any eq 6699 access-list acl_out deny tcp any any eq access-group acl_out in interface inside access-list acl_out permit tcp any any access-list acl_out permit ip any any Now I would like to setup a Tacus+ or Radius Server on My network I have a widows 2000 domain and I am unsure of how to do this. Please advise. TIA, Kevin _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Blocking Napster and Aol on Pix config/Setting up Tacus or Radius
Hi If you are running Linux or UNIX it is very easy to find TACACS+ as a freeware. Likely there are a couple of WinIntel freeware versions too, though I haven't looked for a WinIntel version. I installed tac_plus for Redhat and am using it in production. It can be found with just about any search engine, or www.rpmfind.com. It is pretty easy to setup and configure too. As for using TACACS+ or RADIUS, TAC has some very good docs, and samples for config's on the PIX and switches and routers. HTH -- John Hardman CCNP MCSE ""Bob Timmons"" [EMAIL PROTECTED] wrote in message 9an562$kg0$[EMAIL PROTECTED]">news:9an562$kg0$[EMAIL PROTECTED]... Kevin, --Snip-- As far as RADIUS TACACS, you'll probably have a hard time finding a shareware/freeware version of TACACS for NT, though RADIUS seems to be somewhat more available. Cisco has their ACS product, which does TACACS RADIUS, and runs on NT/2000. It's real easy to setup (about 30 mins from setup.exe to TACACS logins). I'd check the search engines for 'shareware /or freeware RADIUS'. If you really want TACACS, and are on a budget, you might want to check out some of the freeware Linux versions, there are many. Of course, you'd need to setup a Linux box. HTH Bob Before I ask this question I would like to give something back, below is the config to block aim and napster: access-list acl_out deny tcp any any eq 5190 access-list acl_out deny tcp any any eq 8875 access-list acl_out deny tcp any any eq access-list acl_out deny tcp any any eq 6699 access-list acl_out deny tcp any any eq access-group acl_out in interface inside access-list acl_out permit tcp any any access-list acl_out permit ip any any Now I would like to setup a Tacus+ or Radius Server on My network I have a widows 2000 domain and I am unsure of how to do this. Please advise. TIA, Kevin _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Blocking Napster and Aol on Pix config/Setting up Tacus or Radius
Before I ask this question I would like to give something back, below is the config to block aim and napster: access-list acl_out deny tcp any any eq 5190 access-list acl_out deny tcp any any eq 8875 access-list acl_out deny tcp any any eq access-list acl_out deny tcp any any eq 6699 access-list acl_out deny tcp any any eq access-group acl_out in interface inside access-list acl_out permit tcp any any access-list acl_out permit ip any any Now I would like to setup a Tacus+ or Radius Server on My network I have a widows 2000 domain and I am unsure of how to do this. Please advise. TIA, Kevin _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Napster internet technology
I am performing research into the technical underpinnings of the Napster program that allows a desktop machine the ability to utilize desktop and internet tools to deliver a truly distributed Internet application. Can anyone assist me by provide technical information on the Napster program? Listed below are specific questions. 1. What development application was used to develop Napster? 2. How does Napster use TCP to distribute software? (i.e. port numbering information, application layer routing) Thanks! Bandele Hinton Motorola Corporation 630-353-8286 (office) 877-992-7925 (pager) [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Napster internet technology
Suggestions: 1. Contact Napster re:development tool, though I think that it is irrelevent (development tools are a personal preference, any number of tools could get you there with the goal clearly defined) 2. Do a few sniffer traces of the application in action in a test lab environment. You'll see quite clearly what it does... 3. Audit a University course on distributed computing. Much will be revealed in terms of strategy and skill required. Good Luck! Z From: Hinton Bandele-NBH281 [EMAIL PROTECTED] Reply-To: Hinton Bandele-NBH281 [EMAIL PROTECTED] To: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED] Subject: Napster internet technology Date: Mon, 26 Feb 2001 10:29:01 -0600 I am performing research into the technical underpinnings of the Napster program that allows a desktop machine the ability to utilize desktop and internet tools to deliver a truly distributed Internet application. Can anyone assist me by provide technical information on the Napster program? Listed below are specific questions. 1. What development application was used to develop Napster? 2. How does Napster use TCP to distribute software? (i.e. port numbering information, application layer routing) Thanks! Bandele Hinton Motorola Corporation 630-353-8286 (office) 877-992-7925 (pager) [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Napster internet technology
go download openNap and look at the source-code, that should pretty much explain 99% of your questions. Hinton Bandele-NBH281 [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am performing research into the technical underpinnings of the Napster program that allows a desktop machine the ability to utilize desktop and internet tools to deliver a truly distributed Internet application. Can anyone assist me by provide technical information on the Napster program? Listed below are specific questions. 1. What development application was used to develop Napster? 2. How does Napster use TCP to distribute software? (i.e. port numbering information, application layer routing) Thanks! Bandele Hinton Motorola Corporation 630-353-8286 (office) 877-992-7925 (pager) [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: TCP port for Napster
Napster seems to use a wide range of ports, whatever it finds available. The only successful way that I have found to block Napster is to block the server IP addresses, which are actually found in two blocks. deny ip any 208.184.216.0 0.0.0.255 log deny ip any 64.124.41.0 0.0.0.255 log permit ip any any -gb [EMAIL PROTECTED] wrote: I researched this and Napsters TCP port is 6699 not 6969. Hope this Helps. ---R N--- GET INTERNET ACCESS FROM JUNO! Juno offers FREE or PREMIUM Internet access for less! Join Juno today! For your FREE software, visit: http://dl.www.juno.com/get/tagj. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TCP port for Napster
I researched this and Napsters TCP port is 6699 not 6969. Hope this Helps. ---R N--- GET INTERNET ACCESS FROM JUNO! Juno offers FREE or PREMIUM Internet access for less! Join Juno today! For your FREE software, visit: http://dl.www.juno.com/get/tagj. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster Question
The list went through this several times already. Blocking ports , , , is useless.. since Beta6, Napster = has been able to work on ANY port, INCLUDING 80.. so to kill Napster, you = would have to kill all access to http/tcp80.. NOT good. Blocking the IPs is = the best and most thorough solution at this time. Also, besides blocking the access to the main Napster sites will block = most users, and for those that go around it, there should be a user policy in place. It is not totally your job to govern what the users do and do = not do.. the users should also be held responsible. Put a political policy = in place, and if it is broken by a user by using something such as opennap, discipline from management will solve this issue. Regards, Trevor Corness, CCNA MCSE MCP+I Network Systems Engineer, DataCom BMS Communications Ltd. http://www.bmscom.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hal White Sent: Friday, September 29, 2000 11:55 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question Blocking these IP addresses will only block users from accessing the = main napster servers and will not block access to other napster servers, such = as, opennap, which can be found easily by using the napigator program. The = best way to block Napster is to block the ports that the client uses which = are ,,,. Don't quote me on these ports because I can't find = my documentation at the moment, but I think they are right. Hal From: "Fowler, Joey" [EMAIL PROTECTED] Reply-To: "Fowler, Joey" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Napster Question Date: Fri, 29 Sep 2000 13:15:19 -0400 If you search the archives it has some info on this, but I just = implemented it this morning and it seems to working here. If you are using PIX = firewall (or any other) create an access list using the outbound and apply = commands to block the following addresses: 208.184.216.0 /24 208.178.167.0 /24 208.178.163.61 208.184.175.130 208.184.175.131 208.184.175.132 208.184.175.134 208.49.239.242 208.49.239.247 208.49.239.248 People will start wandering by your desk asking if you've ever heard a program called Napster. I personally like to dumb. Joey -Original Message- From: Tom Pruneau [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 12:29 PM To: [EMAIL PROTECTED] Subject: Napster Question Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri = --- This email is composed of 82% post consumer recycled data bits = --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _= Get Your Private, Free E-mail from MSN Hotmail at = http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Napster block
Which firewall are you using? I've blocked my users from napster using the PIX outbound command. ""Dave Malik"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... htmlDIVDoes anyone know what TCP or UDP ports need to be blocked on a firewall to prevent users on a network from accessing Napster??/DIV DIVnbsp;/DIV DIVAny comments would be appreciated./DIV DIVnbsp;/DIV DIVRegards,/DIV DIVDave/DIV DIVnbsp;/DIVbr clear=allhrGet more from the Web. FREE MSN Explorer download : a href="http://explorer.msn.com"http://explorer.msn.com/abr/p/html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster block
HTML is ugly... I've found blocking the following ports does not prevent them from downloading, but after they disconnect they never will be able to connect again to do a search. 8875, , . Joey -Original Message- From: Dave Malik [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 07, 2000 11:50 PM To: [EMAIL PROTECTED] Subject: Napster block htmlDIVDoes anyone know what TCP or UDP ports need to be blocked on a firewall to prevent users on a network from accessing Napster??/DIV DIVnbsp;/DIV DIVAny comments would be appreciated./DIV DIVnbsp;/DIV DIVRegards,/DIV DIVDave/DIV DIVnbsp;/DIVbr clear=allhrGet more from the Web. FREE MSN Explorer download : a href="http://explorer.msn.com"http://explorer.msn.com/abr/p/html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster block
Me too. I used outbound on my PIX by IP addr. -Original Message- From: Eddie Parra [mailto:[EMAIL PROTECTED]] Sent: Friday, December 08, 2000 10:52 AM To: Patrick Bass; [EMAIL PROTECTED] Subject: RE: Napster block How did you do that? Napster isn't port based... Napster can use ANY TCP port? You can set the Napster client to port 80 (HTTP) and it works fine. -Eddie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Bass Sent: Friday, December 08, 2000 9:35 AM To: [EMAIL PROTECTED] Subject: Re: Napster block Which firewall are you using? I've blocked my users from napster using the PIX outbound command. ""Dave Malik"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... htmlDIVDoes anyone know what TCP or UDP ports need to be blocked on a firewall to prevent users on a network from accessing Napster??/DIV DIVnbsp;/DIV DIVAny comments would be appreciated./DIV DIVnbsp;/DIV DIVRegards,/DIV DIVDave/DIV DIVnbsp;/DIVbr clear=allhrGet more from the Web. FREE MSN Explorer download : a href="http://explorer.msn.com"http://explorer.msn.com/abr/p/html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster block
Websense is another such product. -Original Message- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Friday, December 08, 2000 9:29 AM To: Eddie Parra; Patrick Bass; [EMAIL PROTECTED] Subject: RE: Napster block As part of some research I have been doing to address some issues I have with a particular customer security design, I've been spending a bit of time at www.trusecure.com , and the related interests Information Security Magazine and the ICSA test labs. What I have read there leads me to believe that it is damn near impossible to enforce any kind of real complex security policy on a purely hardware based firewall. Too many bad things are starting to happen using ports 20, 21, 25, 53, and 80 - all ports that in general must be left open for legitimate company web use. For good reasons and evil, app developers are now writing their apps to use these ports, rather than leave them for their intended purposes. There are a couple of companies that offer server based software that inspect and block forbidden sites and content. I believe one of the companies offering such a product is WebSecure. Sorry, I can't find my literature that I picked up at Networkers. But the point is that in order to stop any number of services that violate policy, it is no longer enough to try to block a couple of ports. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Eddie Parra Sent: Friday, December 08, 2000 8:52 AM To: Patrick Bass; [EMAIL PROTECTED] Subject: RE: Napster block How did you do that? Napster isn't port based... Napster can use ANY TCP port? You can set the Napster client to port 80 (HTTP) and it works fine. -Eddie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Bass Sent: Friday, December 08, 2000 9:35 AM To: [EMAIL PROTECTED] Subject: Re: Napster block Which firewall are you using? I've blocked my users from napster using the PIX outbound command. ""Dave Malik"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... htmlDIVDoes anyone know what TCP or UDP ports need to be blocked on a firewall to prevent users on a network from accessing Napster??/DIV DIVnbsp;/DIV DIVAny comments would be appreciated./DIV DIVnbsp;/DIV DIVRegards,/DIV DIVDave/DIV DIVnbsp;/DIVbr clear=allhrGet more from the Web. FREE MSN Explorer download : a href="http://explorer.msn.com"http://explorer.msn.com/abr /p/html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster block
As part of some research I have been doing to address some issues I have with a particular customer security design, I've been spending a bit of time at www.trusecure.com , and the related interests Information Security Magazine and the ICSA test labs. What I have read there leads me to believe that it is damn near impossible to enforce any kind of real complex security policy on a purely hardware based firewall. Too many bad things are starting to happen using ports 20, 21, 25, 53, and 80 - all ports that in general must be left open for legitimate company web use. For good reasons and evil, app developers are now writing their apps to use these ports, rather than leave them for their intended purposes. There are a couple of companies that offer server based software that inspect and block forbidden sites and content. I believe one of the companies offering such a product is WebSecure. Sorry, I can't find my literature that I picked up at Networkers. But the point is that in order to stop any number of services that violate policy, it is no longer enough to try to block a couple of ports. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Eddie Parra Sent: Friday, December 08, 2000 8:52 AM To: Patrick Bass; [EMAIL PROTECTED] Subject:RE: Napster block How did you do that? Napster isn't port based... Napster can use ANY TCP port? You can set the Napster client to port 80 (HTTP) and it works fine. -Eddie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Bass Sent: Friday, December 08, 2000 9:35 AM To: [EMAIL PROTECTED] Subject: Re: Napster block Which firewall are you using? I've blocked my users from napster using the PIX outbound command. ""Dave Malik"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... htmlDIVDoes anyone know what TCP or UDP ports need to be blocked on a firewall to prevent users on a network from accessing Napster??/DIV DIVnbsp;/DIV DIVAny comments would be appreciated./DIV DIVnbsp;/DIV DIVRegards,/DIV DIVDave/DIV DIVnbsp;/DIVbr clear=allhrGet more from the Web. FREE MSN Explorer download : a href="http://explorer.msn.com"http://explorer.msn.com/abr/p/html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Napster block
Good point, Chuck! It gets harder and harder to stay ahead of the wolves. I get to thinking every once in awhile in my darker IT moods that defending against the "Net Evil" out there (real and perceived) will eventually render the Internet unusable. Interestingly, the SANS folks (www.sans.org) point that one of the seven worst security mistakes senior executives make is "relying primarily on a firewall." -Austin _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Napster block
htmlDIVDoes anyone know what TCP or UDP ports need to be blocked on a firewall to prevent users on a network from accessing Napster??/DIV DIVnbsp;/DIV DIVAny comments would be appreciated./DIV DIVnbsp;/DIV DIVRegards,/DIV DIVDave/DIV DIVnbsp;/DIVbr clear=allhrGet more from the Web. FREE MSN Explorer download : a href="http://explorer.msn.com"http://explorer.msn.com/abr/p/html _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Napster Question
I'll agree with Jeff in that Napters/Scour or any client/server technology can use HTTP to transfer files across most firewalls. But even with MIME content-type filtering, this would not prevent someone from sending a MP3 declared as a GIF between custom "web" clients and servers. The only way fully block Web based Napster types is to look inside the MIME files further to detect MP3 patterns (are there any?) in the files (yuck) or return to text only (with tags of course). There goes the GIFs :-) Or we can adapt to the situation and seriously examine of efficiency and cost of the current music distribution "INDUSTRY". Personally, "I want to pay for the songs I listen and I also want to pay for people creating playlists. Lastly, I'll pay for the delivery (the Internet), [has anyone figure out what a 10 minute songs costs in terms of bandwidth? MP3 would chew up our link if we didn't limit it through QOS.] I'll give each of these portions of the music delivery a few cents" In sort: "Take the INDUSTRY out of the RECORDING" nuff rambling. The Internet: Resistance is futile, you have already been assimilated :) [EMAIL PROTECTED] On Tue, 3 Oct 2000, Jeff Kell wrote: Date: Tue, 03 Oct 2000 22:23:10 -0400 From: Jeff Kell [EMAIL PROTECTED] To: Tom Pruneau [EMAIL PROTECTED] Cc: "Dorroh, Hunter" [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Napster Question Tom Pruneau wrote: How about just permitting established connections. That should do it, only allowing responses to you requests You're missing the point. Napster can work around much of this. Scour certainly can (it has "push" capability, using an established connection), and Scour fully supports HTTP protocol. You would have to filter based on HTTP transfer, and MIME content-type to really block it completely. Blocking access to the "Napster" servers only blocks access to the index servers. Actual file transfers don't involve the Napster netblock (AFAIK). Then there is Napigator (out-of-band Napster index servers). It will likely only get worse :-( Jeff Kell [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster Question
How about just permitting established connections. That should do it, only allowing responses to you requests At 12:16 AM 10/03/2000 -0400, Dorroh, Hunter wrote: Hello everyone, I searched through the archives and found lots of good information on blocking but I did not see anything on the possibility of allowing users to connect to Napster and download music but NOT be permitted to upload. Any thoughts on how to allow this to happen via PIX or IOS FW? I was thinking this might limit a company's legal exposure. Thanks, Hunter -Original Message- From: Trevor Corness, CCNA [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 3:49 PM To: Hal White; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question The list went through this several times already. Blocking ports , , , is useless.. since Beta6, Napster has been able to work on ANY port, INCLUDING 80.. so to kill Napster, you would have to kill all access to http/tcp80.. NOT good. Blocking the IPs is the best and most thorough solution at this time. Also, besides blocking the access to the main Napster sites will block most users, and for those that go around it, there should be a user policy in place. It is not totally your job to govern what the users do and do not do.. the users should also be held responsible. Put a political policy in place, and if it is broken by a user by using something such as opennap, discipline from management will solve this issue. Regards, Trevor Corness, CCNA MCSE MCP+I Network Systems Engineer, DataCom BMS Communications Ltd. http://www.bmscom.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hal White Sent: Friday, September 29, 2000 11:55 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question Blocking these IP addresses will only block users from accessing the main napster servers and will not block access to other napster servers, such as, opennap, which can be found easily by using the napigator program. The best way to block Napster is to block the ports that the client uses which are ,,,. Don't quote me on these ports because I can't find my documentation at the moment, but I think they are right. Hal From: "Fowler, Joey" [EMAIL PROTECTED] Reply-To: "Fowler, Joey" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Napster Question Date: Fri, 29 Sep 2000 13:15:19 -0400 If you search the archives it has some info on this, but I just implemented it this morning and it seems to working here. If you are using PIX firewall (or any other) create an access list using the outbound and apply commands to block the following addresses: 208.184.216.0 /24 208.178.167.0 /24 208.178.163.61 208.184.175.130 208.184.175.131 208.184.175.132 208.184.175.134 208.49.239.242 208.49.239.247 208.49.239.248 People will start wandering by your desk asking if you've ever heard a program called Napster. I personally like to dumb. Joey -Original Message- From: Tom Pruneau [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 12:29 PM To: [EMAIL PROTECTED] Subject: Napster Question Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UP
RE: Napster Question
I think the key is to allow outbound packets to the Napster servers and other PCs on the Internet, but not allowing external PCs to establish a connection to your users' PCs. Find out the ports that a PC running Napster is listening on, and then block those at the FW. A PIX should do this by default, unless you specifically added a conduit statement to allow Napster. The access list on the outside interface of a router with FW FS should not allow inbound Napster connections. On the Napster client, you'll need to pick the 'I'm behind a firewall, and can't do anything about it' (or something like that) option. I'm blocking Napster both ways at work, so I can't test it for you. HTH Chuck Church CCNP, CCDP, MCNE, MCSE Sr. Network Engineer Magnacom Technologies 140 N. Rt. 303 Valley Cottage, NY 10989 845-267-4000 x218 Hello everyone, I searched through the archives and found lots of good information on blocking but I did not see anything on the possibility of allowing users to connect to Napster and download music but NOT be permitted to upload. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster Question
Hello Hunter, You'll need a FW that is Content Aware. PIX is fine, but I don't think the IOS FW feature can do that at this time. The reason for that (Content Aware) is because you'll need to look into the packet (i.e. L5-7) in order to see if the user is doing a "get" or "put" (for FTP/HTTP for example). I'm not sure what protocols NAPSTER uses, but from the previous answers, it's my understanding that it will use http as one of the options. If so, depending how your rules look today, you'll need a rule to deny http put or post to the NAPSTER servers (IPs) before the rule that allows http traffic to the internet in addition to any other protocol that NAPSTER might use. I never used PIX (my background is Checkpoint FW-1) so I cannot tell you the syntax, but the logic is the same for every FW. Checkpoint call it Content Security. Good luck. -Original Message- From: Dorroh, Hunter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 03, 2000 12:17 AM To: [EMAIL PROTECTED] Subject: RE: Napster Question Hello everyone, I searched through the archives and found lots of good information on blocking but I did not see anything on the possibility of allowing users to connect to Napster and download music but NOT be permitted to upload. Any thoughts on how to allow this to happen via PIX or IOS FW? I was thinking this might limit a company's legal exposure. Thanks, Hunter -Original Message- From: Trevor Corness, CCNA [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 3:49 PM To: Hal White; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question The list went through this several times already. Blocking ports , , , is useless.. since Beta6, Napster has been able to work on ANY port, INCLUDING 80.. so to kill Napster, you would have to kill all access to http/tcp80.. NOT good. Blocking the IPs is the best and most thorough solution at this time. Also, besides blocking the access to the main Napster sites will block most users, and for those that go around it, there should be a user policy in place. It is not totally your job to govern what the users do and do not do.. the users should also be held responsible. Put a political policy in place, and if it is broken by a user by using something such as opennap, discipline from management will solve this issue. Regards, Trevor Corness, CCNA MCSE MCP+I Network Systems Engineer, DataCom BMS Communications Ltd. http://www.bmscom.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hal White Sent: Friday, September 29, 2000 11:55 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question Blocking these IP addresses will only block users from accessing the main napster servers and will not block access to other napster servers, such as, opennap, which can be found easily by using the napigator program. The best way to block Napster is to block the ports that the client uses which are ,,,. Don't quote me on these ports because I can't find my documentation at the moment, but I think they are right. Hal From: "Fowler, Joey" [EMAIL PROTECTED] Reply-To: "Fowler, Joey" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Napster Question Date: Fri, 29 Sep 2000 13:15:19 -0400 If you search the archives it has some info on this, but I just implemented it this morning and it seems to working here. If you are using PIX firewall (or any other) create an access list using the outbound and apply commands to block the following addresses: 208.184.216.0 /24 208.178.167.0 /24 208.178.163.61 208.184.175.130 208.184.175.131 208.184.175.132 208.184.175.134 208.49.239.242 208.49.239.247 208.49.239.248 People will start wandering by your desk asking if you've ever heard a program called Napster. I personally like to dumb. Joey -Original Message- From: Tom Pruneau [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 12:29 PM To: [EMAIL PROTECTED] Subject: Napster Question Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and s
RE: Napster Question
I just want to configure my client to connect to the napster server. "Spolidoro, Guilherme" [EMAIL PROTECTED] 10/03/00 09:20AM Hello Hunter, You'll need a FW that is Content Aware. PIX is fine, but I don't think the IOS FW feature can do that at this time. The reason for that (Content Aware) is because you'll need to look into the packet (i.e. L5-7) in order to see if the user is doing a "get" or "put" (for FTP/HTTP for example). I'm not sure what protocols NAPSTER uses, but from the previous answers, it's my understanding that it will use http as one of the options. If so, depending how your rules look today, you'll need a rule to deny http put or post to the NAPSTER servers (IPs) before the rule that allows http traffic to the internet in addition to any other protocol that NAPSTER might use. I never used PIX (my background is Checkpoint FW-1) so I cannot tell you the syntax, but the logic is the same for every FW. Checkpoint call it Content Security. Good luck. -Original Message- From: Dorroh, Hunter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 03, 2000 12:17 AM To: [EMAIL PROTECTED] Subject: RE: Napster Question Hello everyone, I searched through the archives and found lots of good information on blocking but I did not see anything on the possibility of allowing users to connect to Napster and download music but NOT be permitted to upload. Any thoughts on how to allow this to happen via PIX or IOS FW? I was thinking this might limit a company's legal exposure. Thanks, Hunter -Original Message- From: Trevor Corness, CCNA [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 3:49 PM To: Hal White; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question The list went through this several times already. Blocking ports , , , 7777 is useless.. since Beta6, Napster has been able to work on ANY port, INCLUDING 80.. so to kill Napster, you would have to kill all access to http/tcp80.. NOT good. Blocking the IPs is the best and most thorough solution at this time. Also, besides blocking the access to the main Napster sites will block most users, and for those that go around it, there should be a user policy in place. It is not totally your job to govern what the users do and do not do.. the users should also be held responsible. Put a political policy in place, and if it is broken by a user by using something such as opennap, discipline from management will solve this issue. Regards, Trevor Corness, CCNA MCSE MCP+I Network Systems Engineer, DataCom BMS Communications Ltd. http://www.bmscom.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hal White Sent: Friday, September 29, 2000 11:55 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question Blocking these IP addresses will only block users from accessing the main napster servers and will not block access to other napster servers, such as, opennap, which can be found easily by using the napigator program. The best way to block Napster is to block the ports that the client uses which are ,,,. Don't quote me on these ports because I can't find my documentation at the moment, but I think they are right. Hal From: "Fowler, Joey" [EMAIL PROTECTED] Reply-To: "Fowler, Joey" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Napster Question Date: Fri, 29 Sep 2000 13:15:19 -0400 If you search the archives it has some info on this, but I just implemented it this morning and it seems to working here. If you are using PIX firewall (or any other) create an access list using the outbound and apply commands to block the following addresses: 208.184.216.0 /24 208.178.167.0 /24 208.178.163.61 208.184.175.130 208.184.175.131 208.184.175.132 208.184.175.134 208.49.239.242 208.49.239.247 208.49.239.248 People will start wandering by your desk asking if you've ever heard a program called Napster. I personally like to dumb. Joey -Original Message- From: Tom Pruneau [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 12:29 PM To: [EMAIL PROTECTED] Subject: Napster Question Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more info
RE: Napster Question
I know very little about the PIX firewalls, (Though I'd love to learn!) What we've done at our location is to Block all of the Ip's belonging to Napster.com, and we scan the users home directories for MP3's at night when we do the backup. If any are found, the owner of the file is contacted, Warned that they are in violation of the Microcomputer Standards Agreement, and give them the opportunity to contribute to the "Buy more Internet Bandwidth" fund. (Then we randomly delete files from their PC over the next few weeks without their knowledge. When it breaks, we blame Napster!) Wait, no... that's what I wish we could do. Really we just block the napster.com Ip's. Good luck [EMAIL PROTECTED] Original Message Follows From: "Dorroh, Hunter" [EMAIL PROTECTED] To: 'Ejay Hire' [EMAIL PROTECTED] Subject: RE: Napster Question Date: Tue, 3 Oct 2000 11:06:33 -0400 Ejay, Using the PIX 520 would I be able to use content checking i.e. L5-7 and stop it then? That darn tricky software... we must stop it now :) Hunter -Original Message- From: Ejay Hire [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 03, 2000 11:00 AM To: [EMAIL PROTECTED] Subject: RE: Napster Question Napster is a very dynamic piece of software. If you deny incoming connections on the napster File Transfer ports, but allow established, then the Napster software inside your network will open a connection for the transfer and then let the client download. Very sneaky/cool. Original Message Follows From: "Dorroh, Hunter" [EMAIL PROTECTED] Reply-To: "Dorroh, Hunter" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Napster Question Date: Tue, 3 Oct 2000 00:16:48 -0400 Hello everyone, I searched through the archives and found lots of good information on blocking but I did not see anything on the possibility of allowing users to connect to Napster and download music but NOT be permitted to upload. Any thoughts on how to allow this to happen via PIX or IOS FW? I was thinking this might limit a company's legal exposure. Thanks, Hunter -Original Message- From: Trevor Corness, CCNA [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 3:49 PM To: Hal White; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question The list went through this several times already. Blocking ports , 5555, , is useless.. since Beta6, Napster has been able to work on ANY port, INCLUDING 80.. so to kill Napster, you would have to kill all access to http/tcp80.. NOT good. Blocking the IPs is the best and most thorough solution at this time. Also, besides blocking the access to the main Napster sites will block most users, and for those that go around it, there should be a user policy in place. It is not totally your job to govern what the users do and do not do.. the users should also be held responsible. Put a political policy in place, and if it is broken by a user by using something such as opennap, discipline from management will solve this issue. Regards, Trevor Corness, CCNA MCSE MCP+I Network Systems Engineer, DataCom BMS Communications Ltd. http://www.bmscom.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hal White Sent: Friday, September 29, 2000 11:55 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question Blocking these IP addresses will only block users from accessing the main napster servers and will not block access to other napster servers, such as, opennap, which can be found easily by using the napigator program. The best way to block Napster is to block the ports that the client uses which are ,,,. Don't quote me on these ports because I can't find my documentation at the moment, but I think they are right. Hal From: "Fowler, Joey" [EMAIL PROTECTED] Reply-To: "Fowler, Joey" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Napster Question Date: Fri, 29 Sep 2000 13:15:19 -0400 If you search the archives it has some info on this, but I just implemented it this morning and it seems to working here. If you are using PIX firewall (or any other) create an access list using the outbound and apply commands to block the following addresses: 208.184.216.0 /24 208.178.167.0 /24 208.178.163.61 208.184.175.130 208.184.175.131 208.184.175.132 208.184.175.134 208.49.239.242 208.49.239.247 208.49.239.248 People will start wandering by your desk asking if you've ever heard a program called Napster. I personally like to dumb. Joey -Original Message- From: Tom Pruneau [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 12:29 PM To: [EMAIL PROTECTED] Subject: Napster Question Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to bloc
Re: Napster Question
Tom Pruneau wrote: How about just permitting established connections. That should do it, only allowing responses to you requests You're missing the point. Napster can work around much of this. Scour certainly can (it has "push" capability, using an established connection), and Scour fully supports HTTP protocol. You would have to filter based on HTTP transfer, and MIME content-type to really block it completely. Blocking access to the "Napster" servers only blocks access to the index servers. Actual file transfers don't involve the Napster netblock (AFAIK). Then there is Napigator (out-of-band Napster index servers). It will likely only get worse :-( Jeff Kell [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Napster Question
Tom Pruneau wrote: How about just permitting established connections. That should do it, only allowing responses to you requests You're missing the point. Napster can work around much of this. Scour certainly can (it has "push" capability, using an established connection), and Scour fully supports HTTP protocol. You would have to filter based on HTTP transfer, and MIME content-type to really block it completely. Blocking access to the "Napster" servers only blocks access to the index servers. Actual file transfers don't involve the Napster netblock (AFAIK). Then there is Napigator (out-of-band Napster index servers). It will likely only get worse :-( Jeff Kell [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Napster Question
The easiest way to circumvent the whole napster problem is to put into effect a security policy that states that anyone caught downloading .mp3's and anything else similar in function will be held accountable with their jobs etc. Just make sure you get the backing of the big-wigs before you go yelling. - Original Message - From: Jeff Kell [EMAIL PROTECTED] To: Tom Pruneau [EMAIL PROTECTED] Cc: Dorroh, Hunter [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, October 03, 2000 7:20 PM Subject: Re: Napster Question Tom Pruneau wrote: How about just permitting established connections. That should do it, only allowing responses to you requests You're missing the point. Napster can work around much of this. Scour certainly can (it has "push" capability, using an established connection), and Scour fully supports HTTP protocol. You would have to filter based on HTTP transfer, and MIME content-type to really block it completely. Blocking access to the "Napster" servers only blocks access to the index servers. Actual file transfers don't involve the Napster netblock (AFAIK). Then there is Napigator (out-of-band Napster index servers). It will likely only get worse :-( Jeff Kell [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster Question
Is anybody having problems connecting to the napster server? I sure am. Any ideas? "Hal White" [EMAIL PROTECTED] 09/29/00 03:14PM I found my documentation and of course my memory had failed me. The ports for napster are ,6699,,9009. I think blocking these will disable napster. From: "Fowler, Joey" [EMAIL PROTECTED] Reply-To: "Fowler, Joey" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Napster Question Date: Fri, 29 Sep 2000 13:15:19 -0400 If you search the archives it has some info on this, but I just implemented it this morning and it seems to working here. If you are using PIX firewall (or any other) create an access list using the outbound and apply commands to block the following addresses: 208.184.216.0 /24 208.178.167.0 /24 208.178.163.61 208.184.175.130 208.184.175.131 208.184.175.132 208.184.175.134 208.49.239.242 208.49.239.247 208.49.239.248 People will start wandering by your desk asking if you've ever heard a program called Napster. I personally like to dumb. Joey -Original Message- From: Tom Pruneau [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 12:29 PM To: [EMAIL PROTECTED] Subject: Napster Question Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster Question
Hello everyone, I searched through the archives and found lots of good information on blocking but I did not see anything on the possibility of allowing users to connect to Napster and download music but NOT be permitted to upload. Any thoughts on how to allow this to happen via PIX or IOS FW? I was thinking this might limit a company's legal exposure. Thanks, Hunter -Original Message- From: Trevor Corness, CCNA [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 3:49 PM To: Hal White; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question The list went through this several times already. Blocking ports , , , is useless.. since Beta6, Napster has been able to work on ANY port, INCLUDING 80.. so to kill Napster, you would have to kill all access to http/tcp80.. NOT good. Blocking the IPs is the best and most thorough solution at this time. Also, besides blocking the access to the main Napster sites will block most users, and for those that go around it, there should be a user policy in place. It is not totally your job to govern what the users do and do not do.. the users should also be held responsible. Put a political policy in place, and if it is broken by a user by using something such as opennap, discipline from management will solve this issue. Regards, Trevor Corness, CCNA MCSE MCP+I Network Systems Engineer, DataCom BMS Communications Ltd. http://www.bmscom.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hal White Sent: Friday, September 29, 2000 11:55 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question Blocking these IP addresses will only block users from accessing the main napster servers and will not block access to other napster servers, such as, opennap, which can be found easily by using the napigator program. The best way to block Napster is to block the ports that the client uses which are ,,,. Don't quote me on these ports because I can't find my documentation at the moment, but I think they are right. Hal From: "Fowler, Joey" [EMAIL PROTECTED] Reply-To: "Fowler, Joey" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Napster Question Date: Fri, 29 Sep 2000 13:15:19 -0400 If you search the archives it has some info on this, but I just implemented it this morning and it seems to working here. If you are using PIX firewall (or any other) create an access list using the outbound and apply commands to block the following addresses: 208.184.216.0 /24 208.178.167.0 /24 208.178.163.61 208.184.175.130 208.184.175.131 208.184.175.132 208.184.175.134 208.49.239.242 208.49.239.247 208.49.239.248 People will start wandering by your desk asking if you've ever heard a program called Napster. I personally like to dumb. Joey -Original Message- From: Tom Pruneau [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 12:29 PM To: [EMAIL PROTECTED] Subject: Napster Question Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Napster Question
Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster Question
Title: RE: Napster Question If you search the archives it has some info on this, but I just implemented it this morning and it seems to working here. If you are using PIX firewall (or any other) create an access list using the outbound and apply commands to block the following addresses: 208.184.216.0 /24 208.178.167.0 /24 208.178.163.61 208.184.175.130 208.184.175.131 208.184.175.132 208.184.175.134 208.49.239.242 208.49.239.247 208.49.239.248 People will start wandering by your desk asking if you've ever heard a program called Napster. I personally like to dumb. Joey -Original Message- From: Tom Pruneau [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 12:29 PM To: [EMAIL PROTECTED] Subject: Napster Question Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- Once in a while you get shown the light in the strangest of places if you look at it right **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster Question
I found my documentation and of course my memory had failed me. The ports for napster are ,6699,,9009. I think blocking these will disable napster. From: "Fowler, Joey" [EMAIL PROTECTED] Reply-To: "Fowler, Joey" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Napster Question Date: Fri, 29 Sep 2000 13:15:19 -0400 If you search the archives it has some info on this, but I just implemented it this morning and it seems to working here. If you are using PIX firewall (or any other) create an access list using the outbound and apply commands to block the following addresses: 208.184.216.0 /24 208.178.167.0 /24 208.178.163.61 208.184.175.130 208.184.175.131 208.184.175.132 208.184.175.134 208.49.239.242 208.49.239.247 208.49.239.248 People will start wandering by your desk asking if you've ever heard a program called Napster. I personally like to dumb. Joey -Original Message- From: Tom Pruneau [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 12:29 PM To: [EMAIL PROTECTED] Subject: Napster Question Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster Question
The list went through this several times already. Blocking ports , , , is useless.. since Beta6, Napster has been able to work on ANY port, INCLUDING 80.. so to kill Napster, you would have to kill all access to http/tcp80.. NOT good. Blocking the IPs is the best and most thorough solution at this time. Also, besides blocking the access to the main Napster sites will block most users, and for those that go around it, there should be a user policy in place. It is not totally your job to govern what the users do and do not do.. the users should also be held responsible. Put a political policy in place, and if it is broken by a user by using something such as opennap, discipline from management will solve this issue. Regards, Trevor Corness, CCNA MCSE MCP+I Network Systems Engineer, DataCom BMS Communications Ltd. http://www.bmscom.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hal White Sent: Friday, September 29, 2000 11:55 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Napster Question Blocking these IP addresses will only block users from accessing the main napster servers and will not block access to other napster servers, such as, opennap, which can be found easily by using the napigator program. The best way to block Napster is to block the ports that the client uses which are ,,,. Don't quote me on these ports because I can't find my documentation at the moment, but I think they are right. Hal From: "Fowler, Joey" [EMAIL PROTECTED] Reply-To: "Fowler, Joey" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Napster Question Date: Fri, 29 Sep 2000 13:15:19 -0400 If you search the archives it has some info on this, but I just implemented it this morning and it seems to working here. If you are using PIX firewall (or any other) create an access list using the outbound and apply commands to block the following addresses: 208.184.216.0 /24 208.178.167.0 /24 208.178.163.61 208.184.175.130 208.184.175.131 208.184.175.132 208.184.175.134 208.49.239.242 208.49.239.247 208.49.239.248 People will start wandering by your desk asking if you've ever heard a program called Napster. I personally like to dumb. Joey -Original Message- From: Tom Pruneau [mailto:[EMAIL PROTECTED]] Sent: Friday, September 29, 2000 12:29 PM To: [EMAIL PROTECTED] Subject: Napster Question Greetings Group Does anyone know what ports Napster usies for handshaking? Inbound, outbound port number? What would it take to block Napster? Thanks Tom Pruneau Trainer Network Operations GENUITY 3 Van de Graff Drive Burlington Ma. 01803 24 Hr. Network Operations Center 800-436-8489 If you need to get a hold of me my hours are 7AM-3PM ET Mon-Fri --- This email is composed of 82% post consumer recycled data bits --- "Once in a while you get shown the light in the strangest of places if you look at it right" **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] BEGIN:VCARD VERSION:2.1 N:Corness;Trevor FN:Trevor Corness ORG:BMS Communications;DataCom TITLE:Network Systems Engineer TEL;PAGER;VOICE:604-631-7867 ADR;WORK:;;2880 Production Way;Burnaby;BC;V5A4T6;Canada LABEL;WORK;ENCODING=QUOTED-PRINTABLE:2880 Production Way=0D=0ABurnaby, BC V5A4T6=0D=0ACanada URL: URL:http://www.bmscom.com EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:2921T155409Z END:VCARD
Re: Napster Question
"Trevor Corness, CCNA" wrote: The list went through this several times already. Blocking ports , , , is useless.. since Beta6, Napster has been able to work on ANY port, INCLUDING 80.. so to kill Napster, you would have to kill all access to http/tcp80.. NOT good. Blocking the IPs is the best and most thorough solution at this time. The closest "block" would be to negate my access list below, but this list is what we have used to at least get an idea of the level of Napster use. My comments thrown in: Extended IP access list ingress-filter (well, a piece of it) ! real-time streaming protocol permit tcp any eq 554 any (1313 matches) ! default Scour port if I recall correctly permit tcp any eq 1863 any (1591 matches) ! to signon to the Napster service defaults to port 8875; usually ! just one or a few packets to establish a signon and get an index ! server permit tcp any eq 8875 any log-input (222 matches) ! Index servers typically on //// permit tcp any eq any (10200 matches) permit tcp any eq any (6719 matches) permit tcp any eq any (4 matches) ! Default Gnutella port permit tcp any eq 6346 any permit tcp any any eq 6346 ! More Napster index ports permit tcp any eq any permit tcp any eq any (7 matches) ! Typical range of Napster file transfers permit tcp any range 6680 6699 any (4800 matches) permit tcp any any range 6680 6699 Now that fall semester is back in full swing, we had a big increase in file sharing traffic, so we are playing with 'traffic-shape group' command to try and limit their bandwidth. I'd be interested in the configs if anyone else is doing this (or similar) to throttle traffic. Jeff Kell [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Blocking Napster on the PIX
Can anyone give me a pointer on how to stop our internal users from downloading things using Napster. I have a PIX 520 firewall with 5.03. I tried : outbound 300 deny 64.124.41.35 255.255.255.240 0 tcp outbound 300 deny 208.178.175.128 255.255.255.248 0 tcp outbound 300 deny 208.49.239.240 255.255.255.240 0 tcp outbound 300 deny 208.49.228.0 255.255.255.0 0 tcp outbound 300 deny 208.184.216.0 255.255.255.0 0 tcp outbound 300 deny 208.178.163.56 255.255.255.248 0 tcp apply (inside) 300 outgoing_dest Unfortunately this did not stop users with the Napster client already installed from donwloading mp3s. Any sound advice is most welcomed. rgds, Manolito **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Blocking Napster on the PIX
jeje, all you have to do, is to block the initial connection to the napster server. this happaens in the tcp port 8875, gnuttella on tcp 6346, icq 2000 tcp 5190, icq tcp and udp 4000. all are dest. ports, of course. ah, if you want to block the new "Scour exchange", block the connection with the host 63.251.203.102. thats all. your internals will hate you, i promisse. -Mensaje original- De: Liwanag, Manolito [SMTP:[EMAIL PROTECTED]] Enviado el: Tuesday, September 19, 2000 5:14 PM Para: 'Cisco Group Study' Asunto: Blocking Napster on the PIX Can anyone give me a pointer on how to stop our internal users from downloading things using Napster. I have a PIX 520 firewall with 5.03. I tried : outbound 300 deny 64.124.41.35 255.255.255.240 0 tcp outbound 300 deny 208.178.175.128 255.255.255.248 0 tcp outbound 300 deny 208.49.239.240 255.255.255.240 0 tcp outbound 300 deny 208.49.228.0 255.255.255.0 0 tcp outbound 300 deny 208.184.216.0 255.255.255.0 0 tcp outbound 300 deny 208.178.163.56 255.255.255.248 0 tcp apply (inside) 300 outgoing_dest Unfortunately this did not stop users with the Napster client already installed from donwloading mp3s. Any sound advice is most welcomed. rgds, Manolito **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: blocking napster
Through Gauntlet and now through Proxy Servers, we are blocking by name, napster.com, and that seems to work. It has has users screaming anyway. (Always a good sign) Brad Stanfield Network Engineer [EMAIL PROTECTED] Government Micro Resources Network Operations Control Center Bldg 33 NAVSEA NCOE 757-393-9526 -Original Message- From: Perry Lucas [mailto:[EMAIL PROTECTED]] Sent: Monday, August 14, 2000 5:19 PM To: Sam Adams; [EMAIL PROTECTED] Subject: Re: blocking napster Sam, Napster is able to be proxied through port 80 now with the latest revisions. Simply shutting down port 6699, can't be done anymore to block it. You have to block access to their servers. Last I checked, Raptor, Pix, Gauntlet or Checkpoint didn't block napster's IP addresses directly without customization. - Original Message - From: "Sam Adams" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 14, 2000 1:29 PM Subject: RE: blocking napster Funny that you guys are trying to block napster. Any good firewall takes care of napster in two seconds. I have a raptor sitting right here to prove it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Hardman Sent: Monday, August 14, 2000 8:14 AM To: [EMAIL PROTECTED] Subject: Re: blocking napster Hi As Howard would say, "What is the problem you are trying to solve?" Since you are asking I will assume you are a network admin for a company and that you want to block Napster do to... 1) It taking up time your employees should be using to do their work and 2) It is eating up bandwidth that your company has to pay for. Solutions: 1) Management problem. There should be a policy in place limiting the personal use of company equipment and resources. Employees not following the policy should be disciplined or terminated. 2) Allow employees to run wide and spend lots of time monitoring and trying block activity that the company doesn't want. To block Napster... do a little digging with your favorite nslookup tool and block all access to their IP ranges. HTH -- John Hardman, MCSE+I, CCNA ArrisTech/CCS-IS SysAdmin ""Dave Santeramo"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Any suggestions on how to block users of Napster? Since it uses a random port number I am not sure how to do this. thanks ___ To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax, all in one place - sign up today at http://www.zdnetonebox.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: blocking napster
I may be wrong, but couldn't you block napster at the router by null 0'ing the IP? I.E. Name:www.napster.com Address: 208.184.216.230 Ip route 208.184.216.230 null 0 This should drop any packets destined for that network Ciao, David "Stanfield Hilman B(Brad) CONT NNSY" wrote: Through Gauntlet and now through Proxy Servers, we are blocking by name, napster.com, and that seems to work. It has has users screaming anyway. (Always a good sign) Brad Stanfield Network Engineer [EMAIL PROTECTED] Government Micro Resources Network Operations Control Center Bldg 33 NAVSEA NCOE 757-393-9526 -Original Message- From: Perry Lucas [mailto:[EMAIL PROTECTED]] Sent: Monday, August 14, 2000 5:19 PM To: Sam Adams; [EMAIL PROTECTED] Subject: Re: blocking napster Sam, Napster is able to be proxied through port 80 now with the latest revisions. Simply shutting down port 6699, can't be done anymore to block it. You have to block access to their servers. Last I checked, Raptor, Pix, Gauntlet or Checkpoint didn't block napster's IP addresses directly without customization. - Original Message - From: "Sam Adams" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 14, 2000 1:29 PM Subject: RE: blocking napster Funny that you guys are trying to block napster. Any good firewall takes care of napster in two seconds. I have a raptor sitting right here to prove it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Hardman Sent: Monday, August 14, 2000 8:14 AM To: [EMAIL PROTECTED] Subject: Re: blocking napster Hi As Howard would say, "What is the problem you are trying to solve?" Since you are asking I will assume you are a network admin for a company and that you want to block Napster do to... 1) It taking up time your employees should be using to do their work and 2) It is eating up bandwidth that your company has to pay for. Solutions: 1) Management problem. There should be a policy in place limiting the personal use of company equipment and resources. Employees not following the policy should be disciplined or terminated. 2) Allow employees to run wide and spend lots of time monitoring and trying block activity that the company doesn't want. To block Napster... do a little digging with your favorite nslookup tool and block all access to their IP ranges. HTH -- John Hardman, MCSE+I, CCNA ArrisTech/CCS-IS SysAdmin ""Dave Santeramo"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Any suggestions on how to block users of Napster? Since it uses a random port number I am not sure how to do this. thanks ___ To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax, all in one place - sign up today at http://www.zdnetonebox.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
blocking napster
Any suggestions on how to block users of Napster? Since it uses a random port number I am not sure how to do this. thanks ___ To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax, all in one place - sign up today at http://www.zdnetonebox.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: blocking napster
I just went on blocked a /24 and a few IPs I was given from a friend. Employee's have been complaining.. but what can ya do :) #Napster Logon Servers /sbin/ipchains -A input -s 192.168.2.0/23 -d 208.184.216.0/24 -j DENY -l /sbin/ipchains -A input -s 192.168.2.0/23 -d 208.178.167.0/24 -j DENY -l /sbin/ipchains -A input -s 192.168.2.0/23 -d 208.178.163.61 -j DENY -l /sbin/ipchains -A input -s 192.168.2.0/23 -d 208.184.175.130 -j DENY -l /sbin/ipchains -A input -s 192.168.2.0/23 -d 208.184.175.131 -j DENY -l /sbin/ipchains -A input -s 192.168.2.0/23 -d 208.184.175.132 -j DENY -l /sbin/ipchains -A input -s 192.168.2.0/23 -d 208.184.175.133 -j DENY -l /sbin/ipchains -A input -s 192.168.2.0/23 -d 208.184.175.134 -j DENY -l /sbin/ipchains -A input -s 192.168.2.0/23 -d 208.49.239.242 -j DENY -l /sbin/ipchains -A input -s 192.168.2.0/23 -d 208.49.239.247 -j DENY -l /sbin/ipchains -A input -s 192.168.2.0/23 -d 208.49.239.248 -j DENY -l Sorry for the ipchains format, but i'm too lazy to edit it. (yes even using VI). Hope that helps.. -- Regards, --- Marco Paulo Rodrigues Unix Administrator Axxent Corporation Email: [EMAIL PROTECTED] CompTia: A+, Network+, i-Net+ Cisco: CCDA --- "GOD is mankind's finest creation." - Marco Rodrigues "Virtually All Internet Porno flows through the systems of one company. Cisco Systems. Imporning the Internet Generation." - Marco Rodrigues On Mon, 14 Aug 2000, Dave Santeramo wrote: Any suggestions on how to block users of Napster? Since it uses a random port number I am not sure how to do this. thanks ___ To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax, all in one place - sign up today at http://www.zdnetonebox.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: blocking napster
Block the ip address(es) of the Napster server(s) via an ACL. ---JRE--- ""Dave Santeramo"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Any suggestions on how to block users of Napster? Since it uses a random port number I am not sure how to do this. thanks ___ To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax, all in one place - sign up today at http://www.zdnetonebox.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: blocking napster
Funny that you guys are trying to block napster. Any good firewall takes care of napster in two seconds. I have a raptor sitting right here to prove it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Hardman Sent: Monday, August 14, 2000 8:14 AM To: [EMAIL PROTECTED] Subject: Re: blocking napster Hi As Howard would say, "What is the problem you are trying to solve?" Since you are asking I will assume you are a network admin for a company and that you want to block Napster do to... 1) It taking up time your employees should be using to do their work and 2) It is eating up bandwidth that your company has to pay for. Solutions: 1) Management problem. There should be a policy in place limiting the personal use of company equipment and resources. Employees not following the policy should be disciplined or terminated. 2) Allow employees to run wide and spend lots of time monitoring and trying block activity that the company doesn't want. To block Napster... do a little digging with your favorite nslookup tool and block all access to their IP ranges. HTH -- John Hardman, MCSE+I, CCNA ArrisTech/CCS-IS SysAdmin ""Dave Santeramo"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Any suggestions on how to block users of Napster? Since it uses a random port number I am not sure how to do this. thanks ___ To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax, all in one place - sign up today at http://www.zdnetonebox.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: blocking napster
Sam, Napster is able to be proxied through port 80 now with the latest revisions. Simply shutting down port 6699, can't be done anymore to block it. You have to block access to their servers. Last I checked, Raptor, Pix, Gauntlet or Checkpoint didn't block napster's IP addresses directly without customization. - Original Message - From: "Sam Adams" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 14, 2000 1:29 PM Subject: RE: blocking napster Funny that you guys are trying to block napster. Any good firewall takes care of napster in two seconds. I have a raptor sitting right here to prove it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Hardman Sent: Monday, August 14, 2000 8:14 AM To: [EMAIL PROTECTED] Subject: Re: blocking napster Hi As Howard would say, "What is the problem you are trying to solve?" Since you are asking I will assume you are a network admin for a company and that you want to block Napster do to... 1) It taking up time your employees should be using to do their work and 2) It is eating up bandwidth that your company has to pay for. Solutions: 1) Management problem. There should be a policy in place limiting the personal use of company equipment and resources. Employees not following the policy should be disciplined or terminated. 2) Allow employees to run wide and spend lots of time monitoring and trying block activity that the company doesn't want. To block Napster... do a little digging with your favorite nslookup tool and block all access to their IP ranges. HTH -- John Hardman, MCSE+I, CCNA ArrisTech/CCS-IS SysAdmin ""Dave Santeramo"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Any suggestions on how to block users of Napster? Since it uses a random port number I am not sure how to do this. thanks ___ To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax, all in one place - sign up today at http://www.zdnetonebox.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] --- ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Napster
Does anyone know what port I neeed to close on my pix to block napster? Steve Smith MCSE, CCNA Freeliant.com 901-388-4637 ext.106 Steve Smith.vcf Steve Smith.vcf
RE: Napster
Title: RE: Napster 6699 8875 -Original Message- From: Steve Smith [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 19, 2000 8:38 AM To: '[EMAIL PROTECTED]' Subject: Napster Does anyone know what port I neeed to close on my pix to block napster? Steve Smith MCSE, CCNA Freeliant.com 901-388-4637 ext.106 Steve Smith.vcf
RE: Napster
Steve, I observed ports 8875, 1456, but I believe Napster has the ability to use port 80, so port blocking won't help. We're doing a simple IP block here, at the router. That will stop most users. There's a proxy function within Napster, so there may be a small amount of people who will get around the IP block. If anyone else has any ideas, I'd like to hear them as well. Bob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Smith Sent: Wednesday, July 19, 2000 9:38 AM To: '[EMAIL PROTECTED]' Subject: Napster Does anyone know what port I neeed to close on my pix to block napster? Steve Smith MCSE, CCNA Freeliant.com 901-388-4637 ext.106 Steve Smith.vcf ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Napster
Well... I ran Napster through Sniffer Pro. I logged on, searched for a song, and then began a download. Here were my findings. The source port is , with a destination of 1632. Once you find a song and start to download though, the source port switches to that of the machine that you are downloading from. In my case it was 1026. Blocking the server source port of should work however. I am probably wrong therefore there is no warranty either expressed or implied with this information. :)) Take care, Roman P.S. I also uncovered destination port 6699 being used on my system by napster. Good luck! At 08:38 AM 7/19/00 -0500, you wrote: Does anyone know what port I neeed to close on my pix to block napster? Steve Smith MCSE, CCNA Freeliant.com 901-388-4637 ext.106 Steve Smith.vcf ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Napster
Does anyone know what port I neeed to close on my pix to block napster? Steve, You'll need to block the servers themselves. http://www.phoneboy.com/fw1/faq/0386.html David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Napster
Another way of blocking napster is to deny any traffic destined for the napster.com domain (208.184.216.230) I found that even by blocking those ports napster was able to get out on other well known ports.. Hope that helps Russ.. "Steve Smith" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Does anyone know what port I neeed to close on my pix to block napster? Steve Smith MCSE, CCNA Freeliant.com 901-388-4637 ext.106 Steve Smith.vcf ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]