Re: [FW-1] Kazaa
Apart from the http-tunnel.com "like" servers, I believe that Kazaa is
able to perform http tunneling by itself, that is, it can connect to its "root"
or "login" servers by using http. I also believe that Kazaa is actually capable
of connecting to its "root" or "login" (you got the meaning) servers by
utilizing any port allowed to "go out" of the Organization, that is http, https,
dns, ssh or anything else you are permitting to go out. So, if you haven't
already done so, you should:
1. Block all the http-tunnel.com "alike" servers
2. Block all the IP Addresses Kazaa is using to authenticate its
clients
3. Permit access to specific outgoing services only to specific
internal IP addresses
(e.g. 192.168.0.1(Mail Server) - ANY - SMTP - ACCEPT - LONG
and not ANY - ANY - SMTP - ACCEPT)
4. Create HTTP with Resource objects in order to specify
the allowed WEB browsing
5. Create HTTP with Resource objects in order to deny specific
downloads
Another thing you should do is set up a Proxy server and only Hide NAT the
Proxy Server to the Internet. This way, you could make your life easier,
regarding your Rulebase, in terms of defining the HTTP
Resources.
These are my thoughts. You also mentioned something like "I have 20 of
http-tunnels servers blocked". Could you please post their names or IP Addresses
or both to this list or at least could you tell the list where to find
them?
Cheers,
Dimitris.
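Added example, not part of the original post: a small Python check of step 3 and the proxy advice above, comparing an ANY-source rulebase with one pinned to specific hosts. The (source, destination, service, action) tuples are a simplified model rather than FW-1's own format, and every address except the 192.168.0.1 mail server is hypothetical.

```python
import ipaddress

ANY = "ANY"
SERVICES = ("smtp", "http", "https", "dns", "ssh")

# Constructed rulebases in (source, destination, service, action) form.
# Only the 192.168.0.1 mail server comes from the post; the rest is assumed.
LOOSE = [(ANY, ANY, svc, "ACCEPT") for svc in SERVICES]
TIGHT = [
    ("192.168.0.1", ANY, "smtp", "ACCEPT"),   # mail server
    ("192.168.0.2", ANY, "http", "ACCEPT"),   # proxy (hypothetical)
    ("192.168.0.2", ANY, "https", "ACCEPT"),
    ("192.168.0.3", ANY, "dns", "ACCEPT"),    # internal resolver (hypothetical)
    ("192.168.0.10", ANY, "ssh", "ACCEPT"),   # admin host (hypothetical)
]

def src_matches(rule_src, host):
    """True if host falls inside the rule's source (ANY, address or CIDR)."""
    if rule_src == ANY:
        return True
    net = ipaddress.ip_network(rule_src, strict=False)
    return ipaddress.ip_address(host) in net

def egress_allowed(rules, host, service):
    """First-match evaluation with an implicit final drop."""
    for src, _dst, svc, action in rules:
        if svc in (service, ANY) and src_matches(src, host):
            return action == "ACCEPT"
    return False

def open_services(rules, host):
    """Outbound services a given internal host can still use."""
    return [s for s in SERVICES if egress_allowed(rules, host, s)]

def audit(rules, proxy):
    """Flag ACCEPT rules that leave an outbound port open to every host,
    or that let web traffic leave from a host other than the proxy."""
    findings = []
    for n, (src, _dst, svc, action) in enumerate(rules, 1):
        if action != "ACCEPT":
            continue
        if src == ANY:
            findings.append((n, f"{svc}: any internal host may connect out"))
        elif svc in ("http", "https") and src != proxy:
            findings.append((n, f"{svc}: {src} bypasses the proxy"))
    return findings
```

For a workstation such as 192.168.0.50 (hypothetical), `open_services(LOOSE, ...)` returns all five services, while `open_services(TIGHT, ...)` returns none, so a client that hunts for any permitted outbound port has nothing to fall back on.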
There is at least one "service" out there that
provides a tunnel via http. http-tunnel.com is one. I would find all
of these servers and block them. I have 20 of http-tunnels servers
blocked. Clearly the only reason for these things to exist is to circumvent
firewalls.
Andy
Luis Goncalves wrote:
I'm using FW-1. Sure, at this moment I only allow http/https, ftp, dns,
smtp and ssh. However, two or three guys are downloading from Kazaa... Is
there any protocol/port to block?
Luis Gonçalves
----- Original Message -----
From: "Rob Rutherford" <[email protected]>
To: <[email protected]>
Sent: Wednesday, March 05, 2003 10:59 AM
Subject: Re: [FW-1] Kazaa
Which firewall? You should really be blocking everything, except specific
ports that you decide to allow, i.e. HTTP, DNS, etc.
Robert Rutherford
From: Luis Goncalves <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]>
Sent: 05/03/2003 10:24
Please respond to: Mailing list for discussion of Firewall-1
To: [email protected]
Subject: [FW-1] Kazaa
Hello friends,
I just have a big problem in my network... Some people are accessing Kazaa,
and I don't know how to stop that in my FW.
Does anybody know how to block Kazaa?
Thanks
Luis Gonçalves
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
--
Andy Druda
Director of Campus Technology
Wagner College
Staten Island, New York 10301