Blocking all P2P network in firewall

[HypNoTic]

Hi,

Our corporate users suddenly re-discovered P2P network (Morpheus mainly) and i'd like to block all those nasty little things right out of the box. Dont you know where i can found a complete listing of port to block in our Pix ?

Thanks,

-HypNoTic

 

[HypNoTic]

Well, here's a common listing for those of you that might be interested. Although i still think the best way to hardeing a firewall is to block all outbound connection and just open the required ports, but my boss does not think like that...



AIMSTER - PORT 5025

AUDIOGALAXY - PORT 9000

BEARSHARE, XOLOX, LIMEWIRE & MOST GNUTELLA CLIENTS - PORTS 6345, 6346, 6347, 6348, 6349

WINMX/OLD NAPSTER - PORT 6699

NEW NAPSTER - PORTS 8875, 8876, 8888

KAZAA/MORPHEUS - PORT 1214

EDONKEY2000 - PORTS 4661, 4662, 4665

GNOTELLA - PORTS 23, 80, 6667, 8080

 

[mboy]

Gnotella at 23 and 80? Um, be real careful blocking those or you will have some mighty unhappy users

 

[spidey07]

strange - first rule of a firewall is block all, then you add needed ports and addresses. Guess your boss is clueless.

If some of those are using port 80 then that blows. I'm seeing more and more non HTTP apps use port 80. downright dispicible.

Let us know what rules you've put in place and what P2P apps they've blocked when you get done testing.

Also, where did you find the port information? Maybe there are some logon servers these apps talk to and you could block those addresses as well (any port number) to keep them from registering. This is how we eliminated instant messengers like AIM, MS, Yahoo, ICQ.

 

[mboy]

Yeah, that damn Weatherbug crap uses port 80. Had to block like 4 weatherbug domain names to rid myself of it. Pain in the arse.
Block port 80 on your boses computer, see what happens

Mine doesnt know the difference between port 80, port 21 or a port-a-pottie for that matter

 

[narzy]

Originally posted by: spidey07
strange - first rule of a firewall is block all, then you add needed ports and addresses. Guess your boss is clueless.

If some of those are using port 80 then that blows. I'm seeing more and more non HTTP apps use port 80. downright dispicible.

Let us know what rules you've put in place and what P2P apps they've blocked when you get done testing.

Also, where did you find the port information? Maybe there are some logon servers these apps talk to and you could block those addresses as well (any port number) to keep them from registering. This is how we eliminated instant messengers like AIM, MS, Yahoo, ICQ.

teehee almost exactly what I was going to say, except not calling the boss clueless (insulting people makes you look like a huge ass not you personally but in general.) Instead of trying to battle users by blocking ports as they abuse them, block them before they can be abused. if your at work, most likely you only need the web, and E-mail, if you have your network layered logicly you can block the apropriate ports at the border and still freely use programs that need to be used in building between computers without a problem, if you need to open ports as needed. as to non HTTP apps using port 80, one solution (don't know if it even exists but am throwing it out there anyway) is to filter traffic to verify what is comming in and out of a port is what is SUPPOSED to be comming in and out of that port, basicly verifying ex. HTTP data is infact HTTP data.