nanog mailing list archives
RE: Blocking Internet Gaming
From: "Dominic J. Eidson" <sauron () the-infinite org>
Date: Sun, 6 Jan 2002 19:44:16 -0600 (CST)
On Sun, 6 Jan 2002, Todd Suiter wrote:
Problem with that is you can spec those ports pretty much at will. This came up on the focus-ids@securityfocus list last week. Policy is a good place to start. Make it obvious that your org does not approve of this type of thing. Then start looking at tcpdump output to find the ports/people, and go from there.
There was a similar discussion to this one back when I first joined NANOG - anyways - to repeat my comment from back then..

I work for a healthcare network - for obvious reasons, we don't allow incoming connections through our firewall. The interesting part is though, that we also only allow limited access _out_ through our firewall - mainly because back in the days when we first got the setup, $$$'s for internet access were scarce, and in order to keep the traffic at reasonable rates (not to saturate our connection), we had to limit traffic in some way.

The basic setup is disallow all outbound connections, save ports 20-21, 23, 109/110, 80 (with restriction, explanation follows) and 443. The restrictions on port 80 are done using Checkpoint's HTTP Client Auth agent - which authenticates through LDAP into NDS (we also restrict what users are allowed outbound access - not everybody at a hospital needs internet access).

This setup tends to stop most internet-based games ('cept http-based ones) - and allows for nice monitoring of the remaining (allowed) traffic. (We log all traffic going through the firewall - And don't give me any grief about violation of privacy.. big deal.)

--
Dominic J. Eidson
"Baruk Khazad! Khazad ai-menu!" - Gimli
-------------------------------------------------------------------------------
http://www.the-infinite.org/ http://www.the-infinite.org/~dominic/
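The default-deny egress policy described in the message above, modelled as an added example that is not part of the original post and is not the poster's firewall configuration. It assumes the listed ports are TCP, that a directory lookup yields a set of users granted web access (WEB_USERS), and a constructed five-field log format with constructed addresses and user names.

```python
# Added illustration; log format, user names and addresses are constructed.
from collections import Counter

# Outbound ports the post lists as permitted (assumed TCP); all else is denied.
OPEN_PORTS = {20, 21, 23, 109, 110, 443}
AUTH_PORT = 80  # allowed only after HTTP client authentication
# Assumption: stands in for the directory lookup of users granted web access.
WEB_USERS = {"jdoe", "rnurse"}

# Constructed records: "src_ip user dst_ip proto dst_port" ("-" = unauthenticated).
SAMPLE_LOG = """\
10.1.4.20 jdoe 198.51.100.7 tcp 80
10.1.4.31 - 198.51.100.7 tcp 80
10.1.4.31 - 203.0.113.9 udp 27015
10.1.4.44 mtemp 198.51.100.7 tcp 80
10.1.4.20 jdoe 203.0.113.50 tcp 443
10.1.4.31 - 203.0.113.9 tcp 6112
10.1.4.52 - 192.0.2.25 tcp 110
not a log line
"""

def decide(user, proto, port):
    """Return (verdict, reason) for one outbound connection attempt."""
    if proto != "tcp":
        return "deny", "protocol not allowed"
    if port in OPEN_PORTS:
        return "allow", "port on allow-list"
    if port == AUTH_PORT:
        if user == "-":
            return "deny", "port 80 without authentication"
        if user not in WEB_USERS:
            return "deny", "user not granted web access"
        return "allow", "authenticated web user"
    return "deny", "default deny"

def review(log_text):
    """Apply the policy to every record; return verdicts and denied-source counts."""
    verdicts, denied, malformed = [], Counter(), 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            malformed += 1  # count rather than silently drop unparsable lines
            continue
        src, user, _dst, proto, port = parts
        verdict, reason = decide(user, proto.lower(), int(port))
        verdicts.append((src, int(port), verdict, reason))
        if verdict == "deny":
            denied[src] += 1
    return verdicts, denied, malformed
```

Ranking the denied-source counter from review() gives the "find the ports/people" starting point mentioned in the quoted text, using the firewall's own logs instead of tcpdump.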