Check Point blocks traffic bound for port 1214 by default, so you shouldn’t even need
a rule to block Kazaa and Morpheus. You would actually have to have a rule
which allows them access to port 1214 in order for them to work. We have them
blocked and didn’t need a rule to do it. You must (inadvertently) have a rule
which is allowing that traffic out. Kazaa and Morpheus are not that smart, so
they won’t jump around to different ports looking for an opening. Check and
re-check your rulebase.
-----Original Message-----
From: Serge Vondandamo [mailto:[email protected]]
Sent: Thursday, March 14, 2002 12:11 PM
To: [email protected]
Subject: Re: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these parasites on a FW-1 ?
No. This is the highest rule in the rule-set.
And they are definitely using Kazaa, I have checked and rechecked the rule and everything is configured right.
No drop or reject logs.
Cheers,
Serge
-----Original Message-----
From: Stuart Carrison [mailto:[email protected]]
Sent: jeudi 14 mars 2002 17:04
To: [email protected]
Subject: Re: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these parasites on a FW-1 ?
this should do the trick, probably you have an allow rule higher in the rule-set?
Stu
-----Original Message-----
From: Serge Vondandamo [mailto:[email protected]]
Sent: 14 March 2002 15:10
To: [email protected]
Subject: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these parasites on a FW-1 ?
Hi,
I have made a rule rejecting all incoming & outgoing connections on UDP 1214 and TCP 1214, and I thought that would block Kazaa and some of these parasites but it did not !!!
Users can still use Kazaa and share files. Does anyone know how to effectively block this ?
Thanks for your help.
Cheers,
Serge
-----Original Message-----
From: Don [mailto:[email protected]]
Sent: jeudi 14 mars 2002 14:54
To: [email protected]
Subject: Re: [FW-1] Source IP change after creating uri
> I'm using FW 4.1 SP5, anyone any idea how to get the FW to broadcast
> the actual source IP instead of its int IP after applying a URI
> resource to a rule ? ie would be nice to know what host was attacking
> your dmz with a codered worm etc...
There is no way to do this. When a connection passes through the
security server it is proxied and the source becomes the firewall. You would
need to look at the firewall logs to find the source address.
-don