Right said. There are HTTP tunnel progz, not to mention that, indeed, Kazzzzzzaaaaaa and Morpheus can use ANY available port. Permitting UDP 53 for everyone can do the trick. The same stands for AIM. As a matter of fact, most new appz like Kazzzzaaaaaa, Morpheus and S**T like that operate under the same philosophy. As far as I can tell you have no chance. Not to mention that "Login Servers" for Kaaaaazzzzzaaaaaaaa AND Morpheus can change (as they have changed in the past).

What I would do is make a REAL Security Policy concerning the Company. Block ALL unwanted downloads AND uploads and use a Proxy for WEB browsing. Use a CVP Server and Mail-Relay (McAfee can do the trick) in order to block viruses, unwanted attachments and specific "words" inside e-mail. Create URI resources so that NO ONE can download executable files and S**T like that (both HTTP & FTP). Install an IDS, or better an IPS, so that you can REALLY see what the heck is going on. You can also create URI resources for incoming HTTP traffic (I think you want to know what GET, PUT, POST etc. commands someone is sending @ your WEB Servers). So.... DENY everything and, after you have made a Complete Network Diagram including Clients, Servers, Services etc., start permitting. But have in mind that the default policy is ANY, ANY, ANY, DROP, LONG and not ANY, ANY, ANY, ACCEPT.

Not lecturing, just having bad memories regarding Policy made from Consultants and "Experts" here in Greece. Yeap, Consultants are the best here in Greece. Their Default Policy is ANY, ANY, ANY, ACCEPT. Yeap, you Rock guys. Keep up the good work. Not to mention anti-spoofing... Anti-spoofing? Can you eat this stuff? Does it taste good? How much is it? Doooohhhhh.... Yes people. The best practice is ANY, ANY, ANY, ACCEPT... After all you will not worry about your policy, you will know from the start it accepts everything. You will not worry in case you have not covered something (in the policy that is). You will have your ass uncovered but who gives a flying banana? Right? Nothing personal Serge.
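The "deny everything, then permit" rulebase described above, as an added example that is not from the thread or from Check Point: a toy first-match evaluator in Python with hypothetical network object names, showing what an explicit ANY, ANY, ANY, DROP, LONG cleanup rule gives you compared with ANY, ANY, ANY, ACCEPT, and why "UDP 53 for everyone" lets an application that can use any port walk straight through. The implicit drop for unmatched traffic is modelled as an unlogged drop, which is an assumption of the model.

```python
from dataclasses import dataclass
from typing import List, Tuple

ANY = "any"

@dataclass(frozen=True)
class Rule:
    src: str       # "any" or a network object name
    dst: str
    service: str   # "any" or "proto/port", e.g. "udp/53"
    action: str    # "accept" or "drop"
    track: str     # "none" or "long" (log the match)

def _match(field: str, value: str) -> bool:
    return field == ANY or field == value

def evaluate(rulebase: List[Rule], src: str, dst: str, service: str) -> Tuple[str, bool]:
    """First-match walk of the rulebase; returns (action, logged).
    A flow matching no rule hits the implicit drop, modelled here as an
    unlogged drop: that silence is why the explicit cleanup rule is added."""
    for r in rulebase:
        if _match(r.src, src) and _match(r.dst, dst) and _match(r.service, service):
            return r.action, r.track == "long"
    return "drop", False

# Constructed network objects (hypothetical names, not from the thread).
LAN, PROXY, DMZ_WEB, INTERNET = "lan", "proxy", "dmz_web", "internet"

# "Deny everything, then permit": browsing only via the proxy, the web server
# reachable from outside, and a logged cleanup rule (ANY, ANY, ANY, DROP, LONG).
DEFAULT_DENY = [
    Rule(LAN, PROXY, "tcp/8080", "accept", "none"),
    Rule(PROXY, INTERNET, "tcp/80", "accept", "none"),
    Rule(INTERNET, DMZ_WEB, "tcp/80", "accept", "long"),
    Rule(ANY, ANY, ANY, "drop", "long"),
]
# The policy the post mocks: ANY, ANY, ANY, ACCEPT.
DEFAULT_ACCEPT = [Rule(ANY, ANY, ANY, "accept", "none")]
# The deny policy with "UDP 53 for everyone" bolted on for DNS convenience.
DENY_PLUS_DNS = [Rule(ANY, INTERNET, "udp/53", "accept", "none")] + DEFAULT_DENY

# Constructed sample flows: a P2P client on the LAN trying its usual port,
# the same client falling back to udp/53, and a normal proxied web request.
FLOWS = [(LAN, INTERNET, "tcp/1214"), (LAN, INTERNET, "udp/53"), (LAN, PROXY, "tcp/8080")]

if __name__ == "__main__":
    for name, rb in (("deny", DEFAULT_DENY), ("accept", DEFAULT_ACCEPT), ("deny+dns", DENY_PLUS_DNS)):
        for src, dst, svc in FLOWS:
            action, logged = evaluate(rb, src, dst, svc)
            print(f"{name:9} {src}->{dst} {svc:9} {action}{' (logged)' if logged else ''}")
```

Run it and compare the three tables: only the deny policy both blocks the P2P flows and logs them, and the moment udp/53 is opened to everyone the fallback flow is accepted without a trace.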
-----Original Message-----
From: t-systems-fitz [mailto:[email protected]]
Sent: Friday, March 15, 2002 8:02 AM
To: [email protected]
Subject: Re: [FW-1] Does anyone know how to block Kazaa, Morpheus and all these parasites on a FW-1 ?
Hello,

First, I am of the same opinion as Dimitris: you had better use another strategy for your policy.

But anyway, if you don't want to change it, blocking TCP and UDP port 1214 does not prevent users from using Kazaa or Morpheus. These applications can use SOCKS proxies for connecting, so if a user has access to a SOCKS proxy outside your firewall, he can use Kazaa.

BTW, tools like HTTPort have a built-in SOCKS proxy. So a user can use this SOCKS proxy and can tunnel all Kazaa traffic through HTTP, and to you it seems they only browse the web.

So I think you have no chance at your firewall. You have to secure these desktops (host security, not only network security)!!!

best regards fitz