Firewall Wizards mailing list archives

Re: Killing Napster


From: Robert Graham <robert_david_graham () yahoo com>
Date: Wed, 16 Feb 2000 17:22:21 -0800 (PST)

I looked at this a while ago. It appears that clients create an outgoing
connection to the directory server. If the client is behind a firewall (no
inbound connections) but somebody wants to download a file from your machine,
then the Napster directory server tells you (across the control connection) to
contact that user and send him the file.

The upshot is that if only one of you is behind a firewall, you can exchange
files. If BOTH of you are behind firewalls, you can't.

In any case, Napster is a social protocol. Its key feature is not that it can
download MP3s (FTP and HTTP can do that), but that it forces the user (with near
Nazi tactics) to provide files for upload. Consequently, it improves the
signal/noise ratio for users wanting to download files.

Now that people have published the protocol, it will only be a matter of time
before someone creates a version of Napster without the draconian publishing
requirements. This will ultimately destroy the Napster community, as people
stop sharing files. But, either Napster or some other program will rise in its
place with a more private protocol. After September, it may even use RSA/SSL,
which will begin to make our lives much harder.

Anyway, blocking outgoing TCP connections to port 6699 (Napster directory
server) should fix the problem.


--- Andrew Scoggins <scoggins () progress com> wrote:
Hello all,

I am currently looking into killing the MP3 Program Napster. 

A user told me that he had been using it inside the firewall to download
files on an external Napster server. He assumed he was safe because he
was behind the firewall, but soon discovered that other users were
downloading from his machine. My guess is that Napster establishes a
connection from client to server that is used for uploads AND downloads.
So, the burning question is, has anyone blocked Napster by specifying
the destination port (which I haven't figured out yet) going out? I am
not running an application level firewall, so I can only do it by port.

Thanks for any help. I will also post other info as I find it.

Andy

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=
  Andy Scoggins
  Network Analyst
  Progress Software
  scoggins () progress com
=-=-=-=-=-=-=-=-=-=-=-=-=-=

  Information security is 
  Y2K without the deadline.



=====
Robert Graham  http://www.robertgraham.com/pubs