Firewall Wizards mailing list archives
Re: Napster..
From: Arthur Clune <arthur () clune org>
Date: Thu, 22 Feb 2001 17:13:40 +0000
Some points. 1) To the person who asked what ports to block *inbound* to stop people sharing Napster while still letting his users use it. All of them. Default deny inbound. It really does make sense. Otherwise see below. 2) To block it outbound, since it can be easily proxied, we found the best solution was to make our DNS authoritive for napster.com. Then server<n>.napster.com won't resolve. We left www.napster.com and artist.napster.com in our DNS so people could view the web site. Combine that with blocking the common Napster ports at the firewall Napster Dir Servers: 4444,5555,6666,7777,8888 Napster Redirector: 8875 Napster client: 6097,6120,6336,6346,6688,6697,6699 (the client can use others, list from various web sources) That stops most people using it. If you have a setup where people can't alter their DNS easily then you're really on a winner. Arthur -- Arthur Clune "You have none. Get over it". Scott McNealy on on-line privacy PGP Public Key - http://www.clune.org/pubkey.txt _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Napster.., (continued)
- RE: Napster.. Ai Luong (Feb 21)
- RE: Napster.. Chris Beckwith (Feb 21)
- FBI's internal IT security Rama Kant (Feb 25)
- Re: Napster.. Ben Eisenbraun (Feb 21)
- Re: Napster.. daN. (Feb 25)
- Re: Napster.. John Ladwig (Feb 21)