Firewall Wizards mailing list archives
Re: Killing Napster and beyond...
From: "Bruce M. Walker" <bmw () borderware com>
Date: Wed, 18 Oct 2000 18:20:46 -0400 (EDT)
Chris Cappuccio wrote:
I am opposed to this sort of blocking as a policy for several reasons,
So am I, but there are times...
| I was curious how others are handling these. Has anyone been successful | in blocking these programs? Is anyone else concerned about them? Maybe a couple of universities who see Napster-type services as a large percentage of their traffic... For the most part, the only people I can imagine who would be concerned about this are the same people who are concerned about blocking porn on the web and that sort of stuff.
T'ain't necessarily so. I was, for a couple of years, in charge of the data needs of a small multi-national co. In particular I had to get telnet sessions into an HP server for access to the central MIS system (A/R, G/L, sales, manu, etc.). Telnet is *not* b/w intensive. My solution for that was to create a star of VPN tunnels by buying connections from UUNET and setting-up small "brick wall" f/w's in Paris, Atlanta, Pittsburg, etc and tunneling IPsec to Toronto where the HP is. F/w rules allowed most any other protocol out (stateful pkt filter) for staff to web browse, et al. All went well until I started to get reports of "really slow access" and timeouts from Paris. Oh gawd, "slow access"; what can that mean? Long story made short: napster running on hosts in Paris was consuming *all* the bandwidth during the day. I changed the rules to *only* allow web (assume port 80), SMTP, SSH and telnet traffic. Problem solved, acounting goes back to work, suits are happy. Should have solved the problem as a people problem, you say? You sir, have never dealt with the French. ;-)
IP was designed to work around these sorts of limitations, not with them.
That is abundantly clear! -bmw _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Killing Napster and beyond... Todd Schroeder (Oct 16)
- Re: Killing Napster and beyond... Chris Cappuccio (Oct 18)
- Re: Killing Napster and beyond... Bruce M. Walker (Oct 19)
- Re: Killing Napster and beyond... R. DuFresne (Oct 18)
- Re: Killing Napster and beyond... Brad Van Orden (Oct 19)
- RE: Killing Napster and beyond... David O'Shea (Oct 19)
- Re: Killing Napster and beyond... R. DuFresne (Oct 19)
- RE: Killing Napster and beyond... Alan Young (Oct 19)
- Re: Killing Napster and beyond... Robert Collins (Oct 20)
- Re: Killing Napster and beyond... spiff (Oct 20)
- Re: Killing Napster and beyond... Joseph S D Yao (Oct 23)
- Re: Killing Napster and beyond... Brad Van Orden (Oct 19)
- <Possible follow-ups>
- Re: Killing Napster and beyond... David Hassilev (Oct 19)
- RE: Killing Napster and beyond... Andy Wigglesworth (Oct 27)
(Thread continues...)
- Re: Killing Napster and beyond... Chris Cappuccio (Oct 18)