Anyone know what ports to block to stop Kazaa or Kazaa lite from working.
Looking through the firewall logs, and the list seems to be endless........
3549
3889
2723
2596
3520
2097
3708
2087


etc.

Blocking port 1214 has no effect.
I need to allow this computer general access to the internet, but I want to block P2P apps like Kazaa. The only problem is that the firewall can only hold 30 rules, and this computer has all sorts of games on it, So I dont want to do a blanket block on all of the "high" ports on it, just the P2P ones.
Anyone have any Idea what to do?

Nope, if it's like Edonkey2000 the port can be ANYTHING you choose. Just remove the apps and surely nothing can communicate with it???

OR block EVERYTHING and then individually allow what you want to have access. This is the most secure way and how firewalls are supposed to work, you poke holes in it for certain apps :)

Dave

Bugger. I suspected that might be the case.:(
All incoming connections are automatically blocked anyway. I didn't want to do a blanket block on outgoing, as every time a new bit of software/game that uses the internet is installed, a large amount of fvcking around ensues.

Originally posted by Martin T
Bugger. I suspected that might be the case.:(
All incoming connections are automatically blocked anyway. I didn't want to do a blanket block on outgoing, as every time a new bit of software/game that uses the internet is installed, a large amount of fvcking around ensues.

Yep but it's best as you can stop spyware too as it can't connect unless you tell it to, you know it makes sense :)

Dave

Right then. Sod it its lockdown time.
Wahts the highest "useful" port used?
Off he top of my head I cant think of anything above 125!

Enjoy :D

http://www.iana.org/assignments/port-numbers

Dave

/me adds to favourites

Cheers Dave :)

Oh and BTW congrats incase you missed it on your attention whoring thread ;) :D

np mate :)

lol thx :)

Daqve

You need a packet analyser and block those types of packet instead of bloking the port as you are wasting your time trying to block ports, esp when they can use port 80. :D

You can get a packer header signature from ww.snort.org I believe.

I'm gonna put it on our IDS/IDP firewall thingy. :)

Originally posted by Jezz_S13
You need a packet analyser and block those types of packet instead of bloking the port as you are wasting your time trying to block ports, esp when they can use port 80. :D

As I've just found out:mad: :mad: :mad: :mad: from my packet sniffer!

aah, thats great....

just drag the fecker through disciplinary procedure. worked to reduce P2P abuse at the last place I worked.

My brain is starting to overheat at the thought of dealing with snort!:eek: :eek:

Originally posted by Martin T
My brain is starting to overheat at the thought of dealing with snort!:eek: :eek:

Snort doesn't actually block, it just gives stats etc, but this could be used to get a list of IP addresses.
You'd also need a pretty decent machine to sniff all traffic in and out, well depending on how much bandwidth you are having to sanitize.

You need a cool gadget like the one we have.
Fortigate 3600. :thumbs:

Any cheep/freeware IDS around?
Or a win32 piece of bandwidth restricting software?

Originally posted by stoofer
just drag the fecker through disciplinary procedure. worked to reduce P2P abuse at the last place I worked.
I would but its at my home and that will not work. I also cannot completely cut off internet access.