I recognize that it may be nearly impossible to prevent Napster music file downloads through port and IP blocking (even stateful), given the plethora of (bewildering to me) Socks/HTTPS proxy widget solutions now available to the dedicated Napsterer to circumvent download restrictions. I am not unconcerned, but am far less concerned about my users downloading files on their lunch hour, than I am concerned over the fact that my users may end up sharing files I would not want shared, whether intentionally or accidentally, via software tools installed to support these file clearinghouse systems. In fact, my real fear is that the more forcefully I close off Napster, the more creative the solutions used to circumvent the blocks will become, and the more likelihood that someone will open a hole I don't even realize is possible nor they even know they made. It's seems like an arms race, and I'm fear I am still at the point of ooh and aah-ing over my new bow and arrow, while they are at the AK47 stage. I am using WinRoute 4.1 on an NT platform, forcing all HTTP access via Proxy, and (will be) blocking all ports that are unused to outbound traffic on the NAT as soon as I finish the final stages of determining what each is. Unfortunately, I may be forced to open 20 and 21 outbound to all sites, because of FTP downloads we need to perform, that don't seem to proxy correctly. My intention is for all IP traffic to be blocked by default, and enabled only for the specific applications, and targeted to the appropriate specific Host/Port/Protocol ranges. What I was wondering was is if any of you are aware of the existence of a circumvention solution that will allow my users to service requests for file downloads, across my Winroute NAT (stateful inspection with most ports blocked outbound) and web browsing only via my proxy server here (but not limited to specific sites), by utilizing the more creative tools available to them? Or asked another way, does anyone percieve a hole there that I don't see? Any input will be greatly appreciated. Guy Skaggs Director of Technology Martingale Asset Management - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
