-----Original Message-----
From: Christopher Collins
[mailto:[email protected]]
Sent: jeudi 14 mars 2002 19:46
To:
[email protected]
Subject: Re: [FW-1] Does anyone
know how to block Kazaa, Morpheus and all these paras ites on a FW-1 ?
Check Point blocks traffic bound for port 1214 by default, so you
shouldn't even need a rule to block Kazaa and Morpheus. You would actually have
to have a rule which allows them access to port 1214 in order for them to work.
We have them blocked and didn't need a rule to do it. You must (inadvertently)
have a rule which is allowing that traffic out. Kazaa and Morpheus are not that
smart, so they won't jump around to different ports looking for an opening.
Check and re-check your rulebase.
-----Original
Message-----
From: Serge Vondandamo
[mailto:[email protected]]
Sent: Thursday, March 14, 2002
12:11 PM
To:
[email protected]
Subject: Re: [FW-1] Does anyone
know how to block Kazaa, Morpheus and all these paras ites on a FW-1 ?
No. This
is the highest rule in the rule-set .
And they
are definetely using Kazaa, I have checked and rechecked the rule and
everything si configured right.
No drop
or reject logs.
Cheers,
Serge
-----Original Message-----
From: Stuart Carrison
[mailto:[email protected]]
Sent: jeudi 14 mars 2002 17:04
To: [email protected]
Subject: Re: [FW-1] Does anyone
know how to block Kazaa, Morpheus and all these paras ites on a FW-1 ?
this should do the trick, probably you
have an allow rule higher in the rule-set?
Stu
-----Original Message-----
From: Serge Vondandamo
[mailto:[email protected]]
Sent: 14 March 2002 15:10
To:
[email protected]
Subject: [FW-1] Does anyone know
how to block Kazaa, Morpheus and all these paras ites on a FW-1 ?
Hi,
I have made a rule rejecting all incoming
& Outgoing connections on UDP 1214 and TCP 1214, and I thought that would
block KazAa and some of these parasite but it did not !!!
Users can still use Kazaa and share files.
Does anyone know how to effectively block this ?
Thanks for your help.
Cheers,
Serge
-----Original Message-----
From: Don [mailto:[email protected]]
Sent: jeudi 14 mars 2002 14:54
To: [email protected]
Subject: Re: [FW-1] Source IP change after creating uri
> I'm using FW 4.1 SP5, anyone any idea
how to get the FW to broadcast
> the actual source IP instead of it's int IP after applying a
URI
> resource to a rule ? ie would be nice to know what host was
attacking
> your dmz with a codered worm etc...
There is no way to do this. When a connection passes through the
security server it is proxied and the source becomes the firewall. You would
need to look at the firewall logs to find the source address.
-don
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
___________________________________________________________
Screwfix Direct Ltd
Registered Office:
Houndstone Business Park
Yeovil
BA22 8RT
Registered in England
Number 3006378
BUY ONLINE NOW at
http://www.screwfix.com
This e-mail is only
intended for the person(s) to whom it is addressed and may contain confidential
information.
Unless stated to the
contrary, any opinions or comments are personal to the writer and do not
represent the official view of the company. If you have received this e-mail in
error, please notify us immediately by reply e-mail and then delete this
message from your system. Please do not copy it or use it for any purposes, or
disclose its contents to any other person.
Thank you for your co-operation.