Firewall Wizards mailing list archives
Re: Port numbers for Peer to Peer file sharing apps.
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Fri, 22 Nov 2002 10:50:04 +0100
Eric Vyncke wrote:
> If you are concerned only by the waste of bandwidth, you may want to:
> - block all incoming TCP connections but the really needed ones

Um. That doesn't work for kazaa (fasttrack), gnutella, etc. These apps will detect if they're firewalled, and if two peers want to talk to each other where one side is firewalled, the connection will always be initiated by the firewalled one. (And for public networks, every port is "needed" if you ask the users.)

> - instead of blocking port 1214, ... you may want to use QoS feature on router or ... to limit the bandwidth to a few kbps
>
> The reason behind the second point is to fool the clueful students: some traffic is going anyway, so, they will not try other ports but the default.

This would fool the clueLESS ones. It might hold the clueful ones at bay for a few weeks, until they realize "Hey, that's strange, I'm consistently getting N times the bandwidth when I leech 1337 stuff on IRC or via FTP.", at which point the worst bandwidth hogs _will_ move on to other protocols, or maybe start fiddling with their port number settings... and tell all their friends.

Read this:
http://helpdesk.gwu.edu/helpdesk/whatsnew/fall02/kazaa.100902.html
"Kazaa v2 is bypassing all our controls! Argh!"

And then take into account "helpful" sites like this one I found right away when googling for "get around bandwidth limits kazaa":
http://www.dslreports.com/forum/remark,4481903~root=campus~mode=flat
"Have you tried: Socks2Http - Tool to bypass firewalls and proxys that may be blocking KaZaA. Socks2HTTP is an agent converting SOCKS v.5 requests into HTTP requests and tunneling them through HTTP proxy. [...]"

(And now I'm making it even easier to find when this gets added to the web archives. *sigh*)

> NB: I admit that this is not an absolute design ;-)

You'd better :P

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com