We actually had better luck with Packethound. It is a box that goes up the
to the application layer to decide whether to block or not. And the rules
can be set to block searches, block downloads or block uploads.
We could never figure out a good way to block napster using firewall
rules/router filters so we started looking into other mechanisms to block
unwanted traffic. We decided that we would allow downloads but didn't want
our campus to become the central download site. We enabled the Packethound
rule to block outbound traffic and our outbound traffic dropped 30M. Of
course, the question becomes: How long before the students figure out a way
around anything we do....
http://www.packethound.com/
-----Original Message-----
From: D. Clyde Williamson [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 09, 2001 9:32 AM
To: Paul Metzger
Cc: Scott Overfield 7239; [EMAIL PROTECTED]
Subject: RE: napster
Actually blocking Napster.com isn't much good anymore. With the
release of OpenNAP there are thousands of different domains that users
can point napster clients at. Check out
http://www.napigator.com/list.php . If you want to block Napster, you
must block all of those (they change everyday). On top of that
'MyNapster Webclient' means you'll have to start filtering websites to
see if someone is using the webclient to download Napster. Of course
there is also iNapster, another web interface for Napster. If you
permit IRC, you'll have to block it... since there is a Napster
Interface for IRC.
Now, that helpful information out of the way...
Perhaps, someone on this list can see why 'blocking' stuff on the
Internet is an effort in futility. Blocking Napster, turns IT security
into a 'Technology Arms Race'. Who will win? No one. People will
always find ways around the blocks, and you will always find ways to
add more blocks. Marcus Ranum made it very clear when he said that you
cannot use technical solutions to solve social problems. People
downloading .mp3's from Napster at work would be a social
problem. Instead of beating your head against your firewall, let HR
deal with it. HR can make an official policy saying "No Napster" and
you can simply monitor Napster activity from time to time, and send
offenders to HR to be dealt with.
Paul Metzger writes:
> Napster is set to default to port 6699 I believe. You can block this port
> but if you have a halfway computer literate employee or one that can read
> and is rather inquisitive at the least the port number is easily
changeable.
> The best way to block it I believe would be to just block Napster.com If
it
> cannot get there then the port is not going to matter. If your network is
> behind a firewall then this should be a easy feat to accomplish. I hope
this
> information helps you some. If I can help you more then let me know and
I'll
> help you in any way I can.
>
> Paul
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Scott Overfield 7239
> Sent: Thursday, February 08, 2001 2:43 PM
> To: [EMAIL PROTECTED]
> Subject: napster
>
>
> does anyone know how to prevent use of napster?
>
> ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
>
> Time spent petting the cat is never wasted...
>
> signed,
> The Cat
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
