RE: [fw-wiz] stop microsoft p2p

From: Bruce Platt (Bruce@ei3.com)
Date: 03/28/03

    From: Bruce Platt <Bruce@ei3.com>
    To: "Robert E. Martin" <rmartin@fishburne.org>, firewall-wizards@honor.icsalabs.com
    Date: Fri, 28 Mar 2003 08:42:47 -0500
    

    In addition to the other suggestions, here's one which will cost you a few
    bucks (somewhat less than $500 depending on where you buy it).

    Get a Netscreen 5-XP or 5-XT and run it in transparent mode. That way it is
    essentially a layer 2 bridge with no IP address on either interface. You
    can then configure it with policies to allow or deny any specific protocol
    traffic across it. One side of it would be called "V1-untrust" in Netscreen
    parlance, the other "V1-trust".

    You could then set up policies as follows:

    set policy id 5 from "V1-Untrust" to "V1-Trust" "Any" "Any" "nb stuff" Deny log
    set policy id 4 from "V1-Untrust" to "V1-Trust" "Any" "Any" "TFTP" Deny log
    set policy id 3 from "V1-Untrust" to "V1-Trust" "Any" "Any" "TELNET" Deny log
    set policy id 1 from "V1-Untrust" to "V1-Trust" "Any" "Any" "ANY" Permit log
    set policy id 0 from "V1-Trust" to "V1-Untrust" "Any" "Any" "ANY" Permit log

    Policies are applied from the top down. These would stop anything on the
    "V1-Untrust" side from doing any Netbios stuff like file sharing, share
    browsing, etc. as well as tftp and telnet to the "V1-trust" side. All other
    traffic is allowed. In this case the service "nb stuff" was custom defined
    to include the ports 137-139 tcp and udp and 445 as well.

    Careful attention to which machine goes into which zone, and
    modification/addition of the above rules to suit, allows this to meet your needs.

    (Disclaimer: I have no financial interest in Netscreen.)

    Regards

    > -----Original Message-----
    > From: Robert E. Martin [mailto:rmartin@fishburne.org]
    > Sent: Thursday, March 27, 2003 8:42 AM
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] stop microsoft p2p
    >
    > Anyone heard of a device or gizmo that replaces a hub or switch that can
    > stop p2p or microsoft file sharing? Scenario: two computers on the same
    > segment connected via a hub or switch sharing files between themselves.
    > Does not have to be music, could be data files, photos, copyrighted data
    > etc. Can that be stopped?
    > --
    > Robert E Martin
    > IT Manager
    > Fishburne Military School
    > rmartin@fishburne.org
    > 540.946.7726
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
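The following is an added example, not part of Bruce Platt's post and not Netscreen/ScreenOS code. It parses the five `set policy` lines above and applies them the way the post describes (first match, top down, across the two transparent-mode zones) to a handful of constructed flows, so you can see which traffic the "nb stuff", TFTP and TELNET denies catch, what falls through to the Permit ANY, and why the order of the lines matters. The "nb stuff" service is built from the ports the post gives (137-139 tcp and udp, plus 445); the TFTP and TELNET port mappings are the usual well-known ports, assumed here rather than read from a ScreenOS service table. The model ignores the address fields (both "Any" in every policy) and is a simplification of real ScreenOS policy lookup.

```python
import shlex
from dataclasses import dataclass

# Service objects referenced by the policies. "nb stuff" is the custom service
# from the post: TCP and UDP 137-139 plus 445. TFTP and TELNET are mapped to
# their well-known ports here (an assumption, not taken from ScreenOS).
NB_PORTS = (137, 138, 139, 445)
SERVICES = {
    "nb stuff": {(proto, p) for proto in ("tcp", "udp") for p in NB_PORTS},
    "TFTP": {("udp", 69)},
    "TELNET": {("tcp", 23)},
}


@dataclass(frozen=True)
class Policy:
    pid: int
    src_zone: str
    dst_zone: str
    service: str      # "ANY" or a key of SERVICES
    action: str       # "Permit" or "Deny"
    log: bool

    def matches(self, src_zone, dst_zone, proto, port):
        """The zone pair must match exactly; service "ANY" matches every proto/port."""
        if (self.src_zone, self.dst_zone) != (src_zone, dst_zone):
            return False
        if self.service.upper() == "ANY":
            return True
        # An undefined service object raises KeyError rather than silently matching nothing.
        return (proto, port) in SERVICES[self.service]


def parse_set_policy(line):
    """Parse one line of the form:
    set policy id N from "SRC" to "DST" "Any" "Any" "SERVICE" Permit|Deny [log]
    shlex handles the quoted, space-containing service name ("nb stuff")."""
    tok = shlex.split(line)
    if tok[:3] != ["set", "policy", "id"] or tok[4] != "from" or tok[6] != "to":
        raise ValueError(f"not a set policy line: {line!r}")
    return Policy(pid=int(tok[3]), src_zone=tok[5], dst_zone=tok[7],
                  service=tok[10], action=tok[11],
                  log=(len(tok) > 12 and tok[12] == "log"))


# The five policies from the post, in the top-down order they were written.
POLICY_TEXT = """\
set policy id 5 from "V1-Untrust" to "V1-Trust" "Any" "Any" "nb stuff" Deny log
set policy id 4 from "V1-Untrust" to "V1-Trust" "Any" "Any" "TFTP" Deny log
set policy id 3 from "V1-Untrust" to "V1-Trust" "Any" "Any" "TELNET" Deny log
set policy id 1 from "V1-Untrust" to "V1-Trust" "Any" "Any" "ANY" Permit log
set policy id 0 from "V1-Trust" to "V1-Untrust" "Any" "Any" "ANY" Permit log
"""
POLICIES = [parse_set_policy(l) for l in POLICY_TEXT.splitlines() if l.strip()]


def evaluate(policies, src_zone, dst_zone, proto, port):
    """First match wins, top down. Returns (action, policy id); a flow that matches
    no policy falls to an implicit deny, reported with policy id None."""
    for pol in policies:
        if pol.matches(src_zone, dst_zone, proto, port):
            return pol.action, pol.pid
    return "Deny", None


def misordered(policies):
    """The same rules with the Untrust->Trust "Permit ANY" moved to the top.
    Used only to show that the deny lines must sit above it."""
    permit_any = [p for p in policies
                  if p.action == "Permit" and p.src_zone == "V1-Untrust"]
    rest = [p for p in policies if p not in permit_any]
    return permit_any + rest


if __name__ == "__main__":
    # Constructed sample flows: (src_zone, dst_zone, proto, dst_port).
    flows = [
        ("V1-Untrust", "V1-Trust", "tcp", 445),   # SMB over TCP from the untrust side
        ("V1-Untrust", "V1-Trust", "udp", 137),   # NetBIOS name service
        ("V1-Untrust", "V1-Trust", "udp", 69),    # TFTP
        ("V1-Untrust", "V1-Trust", "tcp", 23),    # telnet
        ("V1-Untrust", "V1-Trust", "tcp", 80),    # web: falls through to Permit ANY
        ("V1-Trust", "V1-Untrust", "tcp", 445),   # same service, opposite direction
    ]
    for f in flows:
        print(f, "->", evaluate(POLICIES, *f),
              "| permit-first order ->", evaluate(misordered(POLICIES), *f))
```

Two things the output makes concrete. First, the denies only apply to flows initiated from "V1-Untrust" toward "V1-Trust"; the same SMB port in the other direction is permitted by policy 0, which is why the post stresses getting each machine into the right zone. Second, with the Permit ANY moved above the denies, every untrust-to-trust flow hits it first and the NetBIOS, TFTP and TELNET denies never fire.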

