Thanks for the reply
I agree. Doesn't this "Gnutella" program dynamically select ports?
Also, correct me if I'm wrong (which I probably am!), but if these ports
(i.e. 137, Napster, etc.) are not defined in the rule base, won't they be
blocked automatically? Our rule base and security policy is explicit and
there are no "general" rules.
-----Original Message-----
From: Jack Coates [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 28, 2000 11:24 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [FW1] Napster
You'd have to snoop every time a user connects, which could be
scripted. But sooner or later this approach will break other services -
especially FTP and more legit streaming media.
All those people who've blocked Napster by defining it in their DNS had
better get ready for the exciting world of Gnutella...
--
Jack Coates, Rainfinity SE
t: 650-962-5301 m: 650-280-4376
On Fri, 28 Jul 2000 [EMAIL PROTECTED] wrote:
>
> Can anyone suggest a method of adequately testing these port numbers?
>
> -----Original Message-----
> From: Michael Hernandez [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 28, 2000 8:54 AM
> To: 'Michael Tench'; Gijs Wuyts; 'Mike Anning';
> [EMAIL PROTECTED]
> Subject: RE: [FW1] Napster
>
>
>
> Just to add a little more, as Michael Tench said real world counts, and
> after serving 10 years in the Navy working in NOCs I can say that besides
> agreeing with his approach you may also opt for an easier way, meaning set up
> a single rule with your workstation and on the log filter only
> outbound/inbound traffic as you hit Napster, you'll notice Napster will open
> 2 ports initially, one port is a UDP port which queries for a Napster
> server, once found it then sends another request via TCP (on a different port)
> to establish a connection (<--- this is how others can download from you!).
> Once you see those ports, all you have to do is close those 2 ports and the
> Napster application will be useless!
>
> --Michael H.
>
> -----Original Message-----
> From: Michael Tench [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 28, 2000 8:12 AM
> To: Gijs Wuyts; 'Mike Anning'; [EMAIL PROTECTED]
> Subject: RE: [FW1] Napster
>
>
>
> Instead of worrying about the ports these programs use (some of these
> utilities will use whatever port you have open), I would recommend
> changing your security stance. I.e., I do not allow any workstations on my
> network to have direct outbound access. I only allow a proxy to have
> outbound access through FW1...the proxy can then filter at the application
> layer.
> Additionally, a security policy should be "deny all except what is required";
> that way you are already denying access to various "esoteric" ports.
> I know this wasn't what you asked, but believe me...it will save you a lot of
> heartache at a later date.
>
> Michael Tench
> Yeah I have a whole lot of alphabet soup after my name too...so what..
> certifications mean nothing. Real world knowledge means everything.
>
> On Fri, 28 Jul 2000 13:42:55 +0200, Gijs Wuyts wrote:
>
> >
> > First posting, so ignore my level of knowledge...
> >
> > Is there a comprehensive resource regarding ports for exotic applications
> > like these?
> > Most protocols I can find via IETF, but e.g. I don't think Napster, etc. are
> > using ports described via RFCs?
> >
> > Gijs
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Anning
> > Sent: Friday, July 28, 2000 10:31 AM
> > To: [EMAIL PROTECTED]
> > Subject: [FW1] Napster
> >
> > So it seems, according to CNN, that the battle is finally won.... but the
> > war is far from over!
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
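
Added example, not part of the original thread: a small first-match rule evaluator that illustrates the two points discussed above, namely that an explicit rule base drops anything it does not define, and that a port filter alone cannot stop a client that falls back to a port you do allow. The rule bases, host labels and port 40001 are constructed for illustration; only port 137 comes from the thread.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str              # "proxy", "workstation" or "any"
    proto: str            # "tcp" or "udp"
    dport: Optional[int]  # None matches any destination port
    action: str           # "accept" or "drop"


# Constructed explicit rule base: only the proxy may go out, and only for web traffic.
EXPLICIT_RULES = [
    Rule("proxy", "tcp", 80, "accept"),
    Rule("proxy", "tcp", 443, "accept"),
]

# Constructed comparison: the same rule base plus direct web access for workstations.
DIRECT_RULES = EXPLICIT_RULES + [Rule("workstation", "tcp", 80, "accept")]

# Constructed outbound connection attempts: (label, source, protocol, destination port).
ATTEMPTS = [
    ("NetBIOS name service", "workstation", "udp", 137),
    ("file-sharing client on a fixed high port", "workstation", "tcp", 40001),
    ("file-sharing client retrying on the web port", "workstation", "tcp", 80),
    ("proxy fetching a web page", "proxy", "tcp", 80),
]


def decide(rules, src, proto, dport):
    """First matching rule wins; anything unmatched hits the implicit final drop."""
    for r in rules:
        if r.src in (src, "any") and r.proto == proto and r.dport in (None, dport):
            return r.action
    return "drop"


def evaluate(rules):
    """Return {label: verdict} for every constructed attempt."""
    return {label: decide(rules, s, p, d) for label, s, p, d in ATTEMPTS}


if __name__ == "__main__":
    for name, rules in (("proxy-only", EXPLICIT_RULES), ("direct web", DIRECT_RULES)):
        print(name)
        for label, verdict in evaluate(rules).items():
            print(f"  {verdict:6} {label}")
```

With the proxy-only rule base every workstation attempt is dropped, so the remaining control point is the proxy's application-layer filtering; with direct web access allowed, the retry on port 80 is accepted by the port filter.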