On Thu, 24 May 2001 [EMAIL PROTECTED] wrote:
> I want to disable only the outbound connection of napster, it uses
> port 6699 if I am not mistaken.
at sans last week a great talk was given entitled 'napster: want it gone?'
he was using snort to match the patterns of the packets for logging on to
the napster servers and sending resets to both ends of the connection.
this works significantly better than just blocking an arbitrary port,
which can be shifted around (the software, if i am not mistaken, will try
a few ports).
dig through the napster protocol and use a reactive ids to do this. much
better than a simple block using a firewall, and you can block any port
with that packet data. the napster and opennap protocols differ slightly,
so beware.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
