NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these paras ites on a FW-1 ?



Title: Message
I disagree!
Kazaa, Morpheus and AudioGalaxy are working fine without explicit rules allowing it.  I would like to block these services also.
-----Original Message-----
From: Christopher Collins [mailto:[email protected]]
Sent: Thursday, March 14, 2002 1:46 PM
To: [email protected]
Subject: Re: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these paras ites on a FW-1 ?

Check Point blocks traffic bound for port 1214 by default, so you shouldn’t even need a rule to block Kazaa and Morpheus. You would actually have to have a rule which allows them access to port 1214 in order for them to work. We have them blocked and didn’t need a rule to do it. You must (inadvertently) have a rule which is allowing that traffic out. Kazaa and Morpheus are not that smart, so they won’t jump around to different ports looking for an opening. Check and re-check your rulebase.

 

 

 

-----Original Message-----
From: Serge Vondandamo [mailto:[email protected]]
Sent: Thursday, March 14, 2002 12:11 PM
To: [email protected]
Subject: Re: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these paras ites on a FW-1 ?

 

No. This is the highest rule in the rule-set .

And they are definetely using Kazaa, I have checked and rechecked the rule and everything si configured right.

No drop or reject logs.

 

Cheers,

Serge

-----Original Message-----
From: Stuart Carrison [mailto:[email protected]]
Sent: jeudi 14 mars 2002 17:04
To: [email protected]
Subject: Re: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these paras ites on a FW-1 ?

this should do the trick, probably you have an allow rule higher in the rule-set?

 

Stu

-----Original Message-----
From: Serge Vondandamo [mailto:[email protected]]
Sent: 14 March 2002 15:10
To: [email protected]
Subject: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these paras ites on a FW-1 ?

Hi,

I have made a rule rejecting all incoming & Outgoing connections on UDP 1214 and TCP 1214, and I thought that would block KazAa and some of these parasite but it did not !!!

Users can still use Kazaa and share files. Does anyone know how to effectively block this ?
Thanks for your help.

Cheers,
Serge

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: jeudi 14 mars 2002 14:54
To: [email protected]
Subject: Re: [FW-1] Source IP change after creating uri

 

> I'm using FW 4.1 SP5, anyone any idea how to get the FW to broadcast
> the actual source IP instead of it's int IP after applying a URI
> resource to a rule ? ie would be nice to know what host was attacking
> your dmz with a codered worm etc...
There is no way to do this. When a connection passes through the security server it is proxied and the source becomes the firewall. You would need to look at the firewall logs to find the source address.

-don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail =================================================
To unsubscribe from this mailing list,
please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected] =================================================

intY (www.inty.com) has automatically scanned this email with Sophos Anti-Virus

 

___________________________________________________________

Screwfix Direct Ltd

Registered Office:

Houndstone Business Park

Yeovil

BA22 8RT

Registered in England Number 3006378

 

BUY ONLINE NOW at http://www.screwfix.com

 

This e-mail is only intended for the person(s) to whom it is addressed and may contain confidential information.

Unless stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of the company. If you have received this e-mail in error, please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person.

Thank you for your co-operation.

intY (www.inty.com) has automatically scanned this email with Sophos Anti-Virus

 



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.