RE: [FW1] How to block MP3 download

Thu, 22 Jun 2000 06:08:48 -0700 


The IP's that you have found already fall under the subnets
208.184.216.0/255.255.255.0 and 208.49.239.246/255.255.255.240. This is
simply overkill to list them out individually.

  
Andrew Linker                                                 
Systems Administrator 
Telogy Networks, Inc. 
     - A Texas Instruments Company 
20250 Century Blvd. 
Germantown, Md. 20874 
(301) 515-6571 voice 
(301) 515-7954 fax                                            
[EMAIL PROTECTED] < mailto:[EMAIL PROTECTED]> 
www.telogy.com < http://www.telogy.com> 



-----Original Message-----
From: Reale, Charles [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 21, 2000 6:29 PM
To: 'Greaser, Kirk N.'; '[EMAIL PROTECTED]'
Subject: RE: [FW1] How to block MP3 download



These are the addresses that I have found...

208.184..216.222
208.184.216.223
208.184.216.231
208.184.216.232
208.184.216.233
208.184.216.234
208.184.216.238
208.49.239.246




-----Original Message-----
From: Greaser, Kirk N. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 21, 2000 4:32 PM EST
To: 'Reale, Charles'; '[EMAIL PROTECTED]'
Subject: RE: [FW1] How to block MP3 download


The fix at www.phoneboy.com/fw1/faq/0386.html only lists the following 5 IPs

208.178.163.56/255.255.255.248 
208.178.175.128/255.255.255.248 
208.49.239.240/255.255.255.240 
208.49.228.0/255.255.255.0 
208.184.216.0/255.255.255.0 

how did you locate 3 additional IPs. and what are the IPs?

Thanks, Kirk
-----Original Message-----
From: Reale, Charles [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 21, 2000 8:46 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [FW1] How to block MP3 download



Francois,
I had the same problem with users and MP3 downloads. Follow the instructions
below, (they are from CP tech support) However, this will not block Napster.
Napster uses a their own proprietary protocol, so you have to get creative.
To keep people from going to Napster, I had to block the site entirely by
creating a Network Object and then workstation objects for every IP address
Napster resolves to ( I believe there are 8 sites), then entering the
workstation objects into the group. It is a nuisance, but it works. The rule
looks something like this....
Source-->MyLan  Destination-->NapsterGroup  Service-->Any  Action-->Drop

To block MP3 downloads...
Try this exact syntax

How to block HTTP downloads

Fact: Firewall-1  
Fact: HTTP Security Server

Fix: Create a HTTP resource as follows:
In the URI Definition window, "Match" tab: 
Schemes: HTTP 
Methods: GET 
Host:    * 
Path:    *.{ra,rm,ram,mov,asf,asx,wm,wma,wax,wvx,mp3}
Query:   * 
Include any desired extensions 

Create a rule that uses this resource and denies access to anything
matching this resource (note this rule should show up before your rules
that allow general HTTP access): 
  Source         Destination     Service                Action 
Internal-Net     Any            http->resource          Reject 


The rule above also blocks Real Audio, Windows Media Player, and most
Streaming Audio and Video, although Real Player can be reconfigured to use
HTTP so that may still get through. As an FYI, you may also want to create
an FTP Resource that does the same thing. Users can get be pretty
resourceful if they have to......

Good Luck,
C-

-----Original Message-----
From: Fran�ois Georgy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 21, 2000 7:39 AM
To: Fw-1-Mailinglist (E-mail)
Subject: [FW1] How to block MP3 download



Hi,

Is it possibel to block MP3 downloads with FW-1 ? If yes, how?

TIA

Fran�ois Georgy
System Manager
DSC - Communication Systems Department
Swiss Federal Institute of Technology Lausanne, EPFL
office: IN.R.112
phone: +41 (0)21 693 68 62
fax: +41 (0)21 693 47 10
email: [EMAIL PROTECTED]




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to