Check Point blocks traffic bound for port 1214 by default, so you shouldn’t even
need a rule to block Kazaa and Morpheus. You would actually have to have a
rule which allows them access to port 1214 in order for them to work. We have
them blocked and didn’t need a rule to do it. You must (inadvertently) have a
rule which is allowing that traffic out. Kazaa and Morpheus are not that
smart, so they won’t jump around to different ports looking for an opening.
Check and re-check your rulebase.
-----Original Message-----
From: Serge Vondandamo [mailto:[email protected]]
Sent: Thursday, March 14, 2002 12:11 PM
To: [email protected]
Subject: Re: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these parasites on a FW-1?
No. This is the highest rule in the rule-set.
And they are definitely using Kazaa, I have checked and rechecked the rule and
everything is configured right.
No drop or reject logs.
Cheers,
Serge
-----Original Message-----
From: Stuart Carrison [mailto:[email protected]]
Sent: jeudi 14 mars 2002 17:04
To: [email protected]
Subject: Re: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these parasites on a FW-1?
This should do the trick, probably you have an allow rule higher in the
rule-set?
Stu
-----Original Message-----
From: Serge Vondandamo [mailto:[email protected]]
Sent: 14 March 2002 15:10
To: [email protected]
Subject: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these parasites on a FW-1?
Hi,
I have made a rule rejecting all incoming & outgoing connections on UDP 1214
and TCP 1214, and I thought that would block KazAa and some of these parasites
but it did not!!!
Users can still use Kazaa and share files. Does anyone know how to effectively
block this?
Thanks for your help.
Cheers,
Serge
-----Original Message-----
From: Don [mailto:[email protected]]
Sent: jeudi 14 mars 2002 14:54
To: [email protected]
Subject: Re: [FW-1] Source IP change after creating uri
> I'm using FW 4.1 SP5, anyone any idea how to get the FW to broadcast
> the actual source IP instead of its int IP after applying a URI
> resource to a rule? ie would be nice to know what host was attacking
> your dmz with a codered worm etc...
There is no way to do this. When a
connection passes through the security server it is proxied and the source
becomes the firewall. You would need to look at the firewall logs to find the
source address.
-don