Firewall Wizards mailing list archives
RE: Killing Napster and beyond...
From: Jürgen Nieveler <Juergen.Nieveler () arxes de>
Date: Thu, 19 Oct 2000 09:07:01 +0200
-----Original Message----- From: Chris Cappuccio [mailto:chris () empnet com] So far, most of the blocking works by what we can already do easily... 1. Block packets to/from IP address ranges of known servers 2. Block packets to TCP/UDP ports which are known as servers for these services Problems with 1. - What else are you blocking ??
The Users will let you know if they miss something. If you want security (and why else do you have a Firewall), then you block first and ask later. I've blocked the IP-Adresses for login.icq.com on my firewall, and the only effect so far was that people were unable to use ICQ.
2. - Any other service that uses the same port will not work
The Users will let you know if they miss something. Of course, any port NOT necessary would be blocked anyway, because blocking ports is the default setting for good firewalls.
- IPs can change, if the client points to a DNS name then it can change as often as it wants to
And I can set the DNS name of that server to 127.0.0.1 on my own DNS-Server, which is the only one my users are going to use.
- Ports can change, especially if the service is designed to work around port-based limitations
Which is why you block the IP and the DNS-Name.
Solution ? Subscription-based blocking service. This is a kludge, requires frequent changes to your router/firewall, and is basically ugly.
Agreed
Solution ? NFR type filter which can recognize this kind of traffic and block it off ? High overhead, requires frequent updates on router/firewall, and is basically ugly.
Agreed
Maybe a couple of universities who see Napster-type services as a large percentage of their traffic... For the most part, the only people I can imagine who would be concerned about this are the same people who are concerned about blocking porn on the web and that sort of stuff.
Add to this the companies who don't want to get into lawsuits about the "is Napster legal"-Question. Add to this companies who don't want private use of the Internet. Besided, it's not only Napster. If Napster can work through your Firewall, why shouldn't a Trojan do the same thing?
IP was designed to work around these sorts of limitations, not with them.
Which is why we got to stay ahead of the Users in this race, I guess. Mit freundlichen Grüßen / Yours sincerely Juergen Nieveler arxes Software Factory AG UB eCommerce Tel.: +49/241/16008-327 Fax: +49/241/16008-354 Email: juergen.nieveler () arxes de Web: www.arxes.de PGP: 2AAB A988 0B80 D53F FC53 3BED 8CC0 2092 922D 8378 (DH) 5ADF A15E 91E4 98DB 2391 0D29 8B08 A884 (RSA) Disclaimer: Views are mine, not my employers´ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Killing Napster and beyond..., (continued)
- Re: Killing Napster and beyond... R. DuFresne (Oct 18)
- Re: Killing Napster and beyond... Brad Van Orden (Oct 19)
- RE: Killing Napster and beyond... David O'Shea (Oct 19)
- Re: Killing Napster and beyond... R. DuFresne (Oct 19)
- RE: Killing Napster and beyond... Alan Young (Oct 19)
- Re: Killing Napster and beyond... Robert Collins (Oct 20)
- Re: Killing Napster and beyond... spiff (Oct 20)
- Re: Killing Napster and beyond... Joseph S D Yao (Oct 23)
- Re: Killing Napster and beyond... Brad Van Orden (Oct 19)
- Re: Killing Napster and beyond... David Hassilev (Oct 19)
- RE: Killing Napster and beyond... Andy Wigglesworth (Oct 27)
- RE: Killing Napster and beyond... Jürgen Nieveler (Oct 19)
- RE: Killing Napster and beyond... Harris, Tim (Oct 19)
- Re: Killing Napster and beyond... Vern Paxson (Oct 19)
- Re: Killing Napster and beyond... Brad Van Orden (Oct 19)
- Re: Killing Napster and beyond... Darren Reed (Oct 20)
- Re: Killing Napster and beyond... R. DuFresne (Oct 20)
- Re: Killing Napster and beyond... John McDermott (Oct 20)
- Re: Killing Napster and beyond... Brad Van Orden (Oct 19)
- RE: Killing Napster and beyond... Zarcone, Christopher (Oct 19)
- RE: Killing Napster and beyond... Barry Dykes (Oct 20)
- RE: Killing Napster and beyond... David O'Shea (Oct 20)
- RE: Killing Napster and beyond... Henry Sieff (Oct 19)
(Thread continues...)
- Re: Killing Napster and beyond... R. DuFresne (Oct 18)