Re: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these parasites on a FW-1?
Right said. There are HTTP tunnel progz, not to mention that, indeed, Kazzzzzzaaaaaa and Morpheus can use ANY available port. Permitting for everyone UDP 53 can do the trick. The same stands for AIM. As a matter of fact most new appz like Kazzzzaaaaaa, Morpheus and S**T like that operate under the same philosophy. As far as I can tell you have no chance. Not to mention that "Login Servers" for Kaaaaazzzzzaaaaaaaa AND Morpheus can change (as they have changed in the past).

What I would do is make a REAL Security Policy concerning the Company. Block ALL unwanted Downloads AND uploads and use a Proxy for WEB browsing. Use CVP Server and Mail-Relay (McAfee can do the trick) in order to block Viruses, unwanted attachments, specific "words" inside e-mail. Create URI resources so that NO ONE can download executable files and S**T like that (Both HTTP & FTP). Install an IDS or better an IPS so that you can REALLY see what the heck is going on. You can also create URI resources for incoming HTTP traffic (I think you want to know what GET, PUT, POST etc. commands someone is sending @ your WEB Servers).

So.... DENY everything and after you have made a Complete Network Diagram including Clients, Servers, Services etc., start permitting. But keep in mind that the default policy is ANY, ANY, ANY, DROP, LONG and not ANY, ANY, ANY, ACCEPT.

Not lecturing, just having bad memories regarding Policy made from Consultants and "Experts" here in Greece. Yeap, Consultants are the best here in Greece. Their Default Policy is ANY, ANY, ANY, ACCEPT. Yeap you Rock guys. Keep up the good work. Not to mention anti-spoofing... Anti-spoofing? Can you eat this stuff? Does it taste good? How much is it? Doooohhhhh.... Yes people. The best practise is ANY, ANY, ANY, ACCEPT... After all you will not worry about your policy, you will know from the start it accepts everything. You will not worry in case you have not covered something (in the policy that is). You will have your ass uncovered but who gives a flying banana? Right?

Nothing personal Serge.

-----Original Message-----
Hello, at first I am of the same opinion as Dimitris, you better use another strategy
But anyway if you don't want to change it, blocking TCP and UDP port 1214
best regards
fitz