Hi,
Just to add...
I've seen on the Cisco PIX that it seems Napster traffic likes to hit port
8888 on the outbound, no matter what port I set on the Napster client.
However, the article below
http://www.securityportal.com/closet/closet20000419.html
states that Napster uses 4444, 5555, 6666, 6699, and 7777 as well. I just set
the outbound to
    deny tcp any any eq <1 of the 6 ports>
and do this for all 6 ports. I figure, unless the Napster developers change
the code, this will block current and future Napster servers. If some legit
application in the future uses those ports, I guess I'll have to be more
specific on what outbound traffic will be allowed on those ports.
Hope this helps.
--Matt
> -----Original Message-----
> From: Daniel Hammer [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 09, 2001 2:22 AM
> To: Michael T. Babcock
> Cc: Ryan, Kennedy; [EMAIL PROTECTED]
> Subject: Re: napster
>
>
> BS"D
>
> Hi,
>
> Michael wrote the magic words:
> > Most Napster clones (use Napster servers, not Napster client) allow the
> > user to pick other servers not run by Napster. There are directories of
> > such servers online that are easily accessible. File transfers do not
> > happen between users and Napster's servers, but between users themselves
> > so blocking Napster's C class does little in the long run.
>
> Absolutely right, I agree. The "normal way" is to query via port 8888 a
> napster-bot cluster and you get the IPs of available napster servers;
> usually 16 servers each block.
> For example, you get this list of servers:
> These servers do not transfer the mp3 files; they give you an IP of
> someone who has the type of mp3 you've requested and a port the donator
> served for a contact in order to transfer files. Your client then does
> contact the donator's machine via its IP and the port he saved for you.
> These ports are dynamic and not fixed so that there is no standard port
> for all these transfers.
> IMHO the best way to block napster is therefore to block the queries to
> the napster bot servers so that no "deal" between 2 clients could be
> established.
>
> > "Ryan, Kennedy" wrote:
> >
> > > We block their class c network address of 61.124.41.0 and effectively
> > > shut down mp3 downloads from Napster.
>
> Best,
>
>
> /\
> Daniel / \___
> / /
> /o o o \
> / \|/ \
> / (")__# \ Linux is like a wigwam...
> / /v\ \ No windows, no gates,
> / /( )\ \ and Apache inside
> / (m_m) \
> -------------------
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
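The two blocking approaches discussed in this thread, compared as an added example (not code from any poster): a simplified first-match ACL model evaluates the six per-port denies and a single-network deny against constructed outbound flows. The function names, flow names and RFC 5737 documentation addresses are assumptions, and the model matches on destination and protocol only.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
# 8888 was seen on the PIX; the other five come from the article cited in the post.
NAPSTER_PORTS = (4444, 5555, 6666, 6699, 7777, 8888)

def port_acl(ports=NAPSTER_PORTS):
    """One 'deny tcp any any eq <port>' per port, then permit everything else."""
    return [("deny", "tcp", ANY, p) for p in ports] + [("permit", "ip", ANY, None)]

def network_acl(cidr):
    """Deny all traffic to a single destination network, then permit the rest."""
    return [("deny", "ip", ipaddress.ip_network(cidr), None), ("permit", "ip", ANY, None)]

def evaluate(acl, dst_ip, dst_port, proto="tcp"):
    """First matching rule wins; nothing matched means implicit deny."""
    dst = ipaddress.ip_address(dst_ip)
    for action, rule_proto, net, port in acl:
        if rule_proto in ("ip", proto) and dst in net and port in (None, dst_port):
            return action
    return "deny"

# Constructed outbound flows (RFC 5737 documentation addresses, not real servers).
FLOWS = {
    "server_in_blocked_net": ("192.0.2.10", 8888),
    "server_other_net": ("198.51.100.7", 8888),
    "server_other_net_alt_port": ("198.51.100.8", 7777),
    "peer_dynamic_port": ("203.0.113.9", 41234),
    "unrelated_app_6666": ("203.0.113.20", 6666),
}

def compare(blocked_cidr="192.0.2.0/24"):
    """Return {flow: (port ACL verdict, network ACL verdict)}."""
    by_port, by_net = port_acl(), network_acl(blocked_cidr)
    return {name: (evaluate(by_port, ip, port), evaluate(by_net, ip, port))
            for name, (ip, port) in FLOWS.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:28} port-ACL={verdicts[0]:6} network-ACL={verdicts[1]}")
```

Neither rule set matches the peer transfer on a dynamic port, and the per-port rules also deny the unrelated application on 6666, which is the case where the outbound rules would need to become more specific.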