Re: [fw-wiz] stop microsoft p2p
From: Mark Gumennik (mgumennik@mitre.org)
Date: 03/28/03
- Previous message: Bruce Platt: "RE: [fw-wiz] stop microsoft p2p"
- In reply to: Noonan, Wesley: "RE: [fw-wiz] stop microsoft p2p"
- Next in thread: Bennett Todd: "Re: [fw-wiz] stop microsoft p2p"
From: Mark Gumennik <mgumennik@mitre.org> Date: Fri, 28 Mar 2003 08:56:21 -0500
Robert,
my understanding is that you are trying to replace a layer 2 device with
something that can give you security features in app layers. (switch is
a layer 2 device, ladies and gents, don't touch that button)
Well, there is a whole new breed, appropriately called IPS, not NIDS,
that works at layer 2 instead of layer 3-4. They are especially good for
stopping DoS and other flood-related attacks BEFORE a firewall.
I am toying with the idea of making one of them a hub for the external side of
my firewall and connecting it as a sensor to the IDS through a serial link.
Dunno the price, but they are more expensive than firewalls and require
at least the same technical expertise as FWs (at this stage of their
development). A few names: Captus Networks, Arbor Networks, Vsecure
Technologies (BTW I work for a non-profit). All the companies try to
extend the device capabilities beyond layer 2 and it gets ugly
right away (like a layer 4 switch ;-{ )
So: if you want to prevent AN APPLICATION from talking to another machine,
you have to go at least 2 layers higher. My advice: a personal FW (free ->
$30). Some of them (ZoneAlarm Pro) have the capability to stop
accepting TCP AND UDP packets by port ## (ya, as granular as this). I
prefer a couple of free ones, but at .mil you can't have them; at least
I would not suggest it without an SSAA (it will cost you more for approval
than to buy an enterprise license).
Cheers,
Mark G
Senior Netwk Sys&Dist Sys Engineer
BTW, Q to our wizards: Can a layer 2 device (HUB), located outside the
firewall, be discovered by hackers over an IP network (mostly ATM /
Ethernet)? How? - no IP address
>
> > -----Original Message-----
> > From: Robert E. Martin [mailto:rmartin@fishburne.org]
> > Sent: Thursday, March 27, 2003 07:42
> > To: firewall-wizards@honor.icsalabs.com
> > Subject: [fw-wiz] stop microsoft p2p
> >
> > Anyone heard of a device or gizmo that replaces a hub or switch that can
> > stop p2p or Microsoft file sharing? Scenario: two computers on the same
> > segment connected via a hub or switch sharing files between themselves.
> > Does not have to be music, could be data files, photos, copyrighted data
> > etc. Can that be stopped?
> > --
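A worked illustration of the per-port personal-firewall rule the reply recommends, added here as an editor's example; it is not code from the post nor from any product the post names. It assumes the well-known Windows file-sharing ports (NetBIOS 137-139 and SMB 445, an assumption since the post gives no port numbers) and uses constructed packet tuples. It also shows why the reply stresses blocking TCP AND UDP: a TCP-only rule still lets the UDP NetBIOS name and datagram traffic through, and a rule that lives on the endpoint is what stops two peers on the same hub or switch, since the layer 2 device itself never sees ports.

```python
"""Host-based port filter in the spirit of the per-port TCP/UDP rules a
personal firewall offers.  Everything here is constructed for illustration:
the packet tuples are made up, and the file-sharing port numbers are the
well-known assignments (assumed, not taken from the post)."""
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source IP (constructed)
    dst: str     # destination IP (constructed)
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                       # "block" or "allow"
    proto: Optional[str] = None       # None matches both tcp and udp
    ports: frozenset = frozenset()    # empty set matches any port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.ports and pkt.dport not in self.ports:
            return False
        return True


# Assumed well-known ports for Microsoft file sharing:
# NetBIOS name (137/udp), datagram (138/udp), session (139/tcp) and SMB (445/tcp)
FILE_SHARING_PORTS = frozenset({137, 138, 139, 445})

# Recommended policy: block file sharing on BOTH protocols, allow the rest.
# First matching rule wins.
POLICY: List[Rule] = [
    Rule("block", None, FILE_SHARING_PORTS, "no SMB/NetBIOS, either protocol"),
    Rule("allow", None, frozenset(), "default allow"),
]

# Weaker policy a sloppy admin might write: TCP only.  UDP NetBIOS slips past it.
TCP_ONLY_POLICY: List[Rule] = [
    Rule("block", "tcp", FILE_SHARING_PORTS, "SMB/NetBIOS over tcp only"),
    Rule("allow", None, frozenset(), "default allow"),
]


def decide(policy: Iterable[Rule], pkt: Packet) -> str:
    """Return the verdict of the first matching rule; fail closed if none match."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "block"


def filter_packets(policy: Iterable[Rule], pkts: Iterable[Packet]) -> List[str]:
    """Verdict per packet, in input order."""
    rules = list(policy)
    return [decide(rules, p) for p in pkts]


# Constructed sample traffic between two hosts on one segment
SAMPLE = [
    Packet("tcp", "10.0.0.5", "10.0.0.7", 445),   # SMB session
    Packet("udp", "10.0.0.5", "10.0.0.7", 137),   # NetBIOS name query
    Packet("tcp", "10.0.0.5", "10.0.0.7", 139),   # NetBIOS session
    Packet("tcp", "10.0.0.5", "10.0.0.7", 80),    # plain HTTP, unrelated
    Packet("udp", "10.0.0.5", "10.0.0.7", 53),    # DNS, unrelated
]

if __name__ == "__main__":
    for name, pol in (("both-protocol policy", POLICY), ("tcp-only policy", TCP_ONLY_POLICY)):
        print(name)
        for p, verdict in zip(SAMPLE, filter_packets(pol, SAMPLE)):
            print(f"  {p.proto}/{p.dport} {p.src}->{p.dst}: {verdict}")
```

Running it prints a verdict per sample packet under each policy; the only difference between the two is the UDP 137 packet, which the TCP-only policy allows.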
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards