I know that blocking ports may cause other problems. The "well-known"
Napster ports though are not used by any other applications as far as I
know (at least not any "useful" apps). It's a matter of how you
implement your filtering:
- Either deny everything and let the users complain to see what you need
to (possibly) allow through
- Or allow everything and then try to figure out what you can block
In the case of apps that can switch or scan for free ports I guess your
only solution is to look for the apps signature within the packets. I
assume this can be done with some elaborate software/hardware with
sufficient capacity and intelligence... :-)
//Robert
Mike Glassman - Admin wrote:
>
> Or....
>
> What happens if some other usefull software needs these ports for some
> reason ? Not that it's much of an answer, but port blocking allways leaves
> you with a thought of what needs what now.
>
> And that will work so long as Napster doesn't change the port settings,
> which is possible indeed.
>
> If you really want to go mad, take a look at Odigo. The new version not only
> does full "any" port scanning to get out, but also allows email dld, file
> transfers from user to user, full chat, and all on scanning ports.
>
> Their support refuses to assist in this.
>
> So far, I'v been unable to block it in any form or shape.
>
> Any ideas ?
>
> Mike
>
> > -----Original Message-----
> > From: Robert Olsson [SMTP:[EMAIL PROTECTED]]
> > Sent: � ������ 23 2000 11:22
> > To: Young, Beth A.
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: Napter traffic pattern
> >
> > Why don't you just block the TCP-ports used by Napster? Denying traffic
> > to/from ports 6699 and 8888 ought to do the trick. Or?
> >
> > //Robert
> >
> > "Young, Beth A." wrote:
> > >
> > > The white paper is not done (too many other projects right now to finish
> > it)
> > > but here is the gist of the traffic patterns. Since I got enough
> > off-list
> > > email expressing interest, it seems appropriate to post it here.
> > >
> > > I used a router to block incoming SYN packets to my IP address which
> > blocked
> > > napster traffic from my machine until I changed the client setting to "I
> > > live behind the firewall." At that point, people started downloading
> > from
> > > me again because my client would initiate the SYN. It also doesn't do
> > any
> > > good to block the napster subnet range. While that works 95% of the
> > time,
> > > there are other napster servers out there that do not live in the
> > napster
> > > 64.124.41.0 network.
> > >
> > > A co-worker is looking at Packet Pup as a way to block napster but we
> > are
> > > kind of unique in that we don't care if students download files but we
> > don't
> > > want to be the main supplier of songs so we want to block downloads from
> > us.
> > > *shugs* any suggestion on that front would appreciated.
> > >
> > > -Beth
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
