Title: Message
Checkpoint NG with Application Intelligence will look
into the stream and block applications like Kazaa. This is their new
product release level, and they have radically changed their pricing
and market focus...so don't assume that they are unaffordable. You can
also
IDS / SNORT p2p bullshit --- stupid whitehats
http://exploitlabs.com/files/misc/badhat.txt
morning_wood
A few folks don't know that Snort can be a little more proactive than just
detection. Check out:
http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.24
As for my comment, I
In my current situation - I can't enforce crap because the biggest offender
is one of the VP's.
Heh that could be a BCM (Bad Career Move) for you. Seriously, if the
president or CEO doesn't care, and you can't enforce it from a
technological standpoint, you're really down to two options: let
: Re: [Full-Disclosure] Blocking Music Sharing.
I heartily disagree -- if an offense is considered
serious enough to
warrant being prohibited in an org's Acceptable Use
Policy then
there should be real punishment involved. If an
offense isn't a big
deal, then the AUP should
Hi all,
A few folks don't know that Snort can be a little more proactive than just
detection. Check out:
http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.24
As for my comment, I agree with Jared's comment. Be sure that your users
Johnson, Mark [EMAIL PROTECTED] wrote:
Due to the legal issues, I am trying to block access to sites like Kazaa
and Limewire in the office. If I am not mistaken, these networks can
use different ports each time, so there is no way to block it at the
firewall. Is this right? And if so, what
Howdy Cael,
I heartily disagree -- if an offense is considered serious enough to
warrant being prohibited in an org's Acceptable Use Policy then there
should be real punishment involved. If an offense isn't a big deal,
then the AUP should be rewritten.
in a world whence all things was
I heartily disagree -- if an offense is considered serious enough to
warrant being prohibited in an org's Acceptable Use Policy then there
should be real punishment involved. If an offense isn't a big deal,
then the AUP should be rewritten.
My belief is that proactive prevention
Cael,
I would suggest surfcontrol instant messaging filter if you are going to
use a commercial based product. It is designed specifically to
block/filter IM and P2P protocols at a corporate level. URL for more
info is here: http://www.surfcontrol.com/products/im/
Runs on PIII-400 and above.
A.
Zdziarski
Sent: Tuesday, September 16, 2003 9:33 PM
To: Ron DuFresne
Cc: Cael Abal; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Blocking Music Sharing.
I heartily disagree -- if an offense is considered serious enough to
warrant being prohibited in an org's Acceptable Use Policy
Snort is one tool used by a lot of IT guys to block file
sharing programs. The trouble with these programs is that they have built in
port "movers" that will scan the local network to find an available port to work
on. Scripting is one way to do it but that mostly just
Mark,
If you have a Cisco infrastructure you can use
NBAR. NBAR looks at more than just port numbers to identify traffic and Cisco
regularly writes new PDLMs to define new applications. You can also create
custom lists to look for new applications that Cisco doesn't yet
Just block ALL the traffic outbound and allow only necessary ports,
like HTTP/S, FTP, SMTP, DNS etc. Requires more work on your end
managing the firewall rules but a better practice and protection in
the long run.
Dimitri
From the latest LinuxJournal:
http://www.linuxjournal.com/article.php?sid=6945
-Original Message-
From: Johnson, Mark [mailto:[EMAIL PROTECTED]
Sent: Monday, September 15, 2003 11:37 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure]
Due to the legal issues, I am trying to block access to sites like Kazaa
and Limewire in the office. If I am not mistaken, these networks can
use different ports each time, so there is no way to block it at the
firewall. Is this right? And if so, what is the best way to block
access to these
I think the key here is a strong enforceable
communicated policy and then identifying the traffic and addressing the user. I
would go with an IDS
(Snort is a good choice to IDENTIFY as you can easily write the sigs). Now
granted Snort could pick it up on different ports
That won't always work.
I don't know enough about the inner workings of Limewire
and such but I know that AIM has a mechanism to go out over
any well known port such as 53 or 21...I'm sure the makers
of P2P have incorporated similar features into their
designs.
The only advice I can give is to
Snort is passive, therefore it does not by default block anything; it merely
alerts upon the ruleset you have setup.
Snort-Inline can work in a more active mode.
-Dan
On Mon, 15 Sep 2003, Jason Bethune wrote:
Snort is one tool used by a lot of IT guys to block file sharing programs.
The trouble
The latest issue of Linux Journal had a writeup on how to do this.
HTH,
Denis
On Mon, 15 Sep 2003, Johnson, Mark wrote:
Due to the legal issues, I am trying to block access to sites like Kazaa
and Limewire in the office. If I am not mistaken, these networks can
use different ports each
collected. SOME ONE must periodically
verify
smenard
steve at Byte Busters dot ca
Saint John, NB,
Canada,
- Original Message -
From: Jason Bethune
To: [EMAIL PROTECTED]
Sent: Monday, September 15, 2003 2:06 PM
Subject: RE: [Full-Disclosure] Blocking Music Sharing.
Snort is one tool
-
| From: [EMAIL PROTECTED] [mailto:full-disclosure-
| [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
| Sent: Monday, September 15, 2003 2:56 PM
| To: Dimitri Limanovski; Johnson, Mark
| Cc: [EMAIL PROTECTED]
| Subject: Re: [Full-Disclosure] Blocking Music Sharing.
|
| That won't always work
The problem with sites that are not really able to enforce, can be
somewhat mitigated by a weekly posting of offenders in a public place
within the company halls.
Thanks,
Ron DuFresne
On Mon, 15 Sep 2003, Bergeron, Jared wrote:
I think the key here is a strong enforceable communicated policy
I think the key here is a strong enforceable communicated policy and then identifying
the traffic and addressing the
user. I would go with an IDS (Snort is a good choice to IDENTIFY as you can easily
write the sigs). Now granted Snort
could pick it up on different ports depending on what it
Security Engineer
Atlantech Online Inc.
- Original Message -
From: Andrews Carl 448 [EMAIL PROTECTED]
To: 'Johnson, Mark' [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Monday, September 15, 2003 1:41 PM
Subject: RE: [Full-Disclosure] Blocking Music Sharing.
From the latest LinuxJournal
Snort rules and port blocking of non-essential services are all very
well but they'll never stop anything - anyone remember the CDC's much
publicised 'Peek-a-Booty' I remember them commenting that it was going
to run over SSL on port 443 by default - after all which sysadmin is
going to
On Mon, Sep 15, 2003 at 04:30:31PM -0400, David Loyd wrote:
Kazaa uses fast track. It is nearly impossible to block it based on
ports. We use a product called websense that is able to block this traffic
by looking at various strings. More information can be found on their site.
Hope this
PROTECTED]
Sent: Monday, September 15, 2003 1:59
PM
Subject: RE: [Full-Disclosure] Blocking
Music Sharing.
I think the key here
is a strong enforceable communicated policy and then identifying the traffic
and addressing the user. I would go with an IDS (Snort is a good choice
t
maybe you should take a look at http://l7-filter.sourceforge.net/
bye
Michael
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
I would suggest surfcontrol instant messaging filter if you are going to
use a commercial based product.
It is designed specifically to block/filter IM and P2P protocols at a
corporate level.
URL for more info is here: http://www.surfcontrol.com/products/im/
Runs on PIII-400 and above.
256mb ram
of applications by port-blocking method, cause most companies mostly
to allow HTTP (even though via proxy)
cheers,
albert
Jason Bethune [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
09/16/2003 01:06 AM
To: [EMAIL PROTECTED]
cc:
Subject: RE: [Full-Disclosure
30 matches