RE: pb with P2P...

From: John Brightwell (brightwell_151@yahoo.co.uk)
Date: 04/10/03

  • Next message: Gregory.Kane@hood-ctsfmail.army.mil: "re: Internet E-mail monitoring/approval" 
    Date: Thu, 10 Apr 2003 18:09:22 +0100 (BST)
From: John Brightwell <brightwell_151@yahoo.co.uk>
To: Security-Basics@Securityfocus.Com

    Many firewalls can understand the ftp protocol and
    inspect the traffic to identify the appropriate data
    port to open. Alternatively PASV ftp can be used which
    changes the selection of the data port to the server
    end (but this relies on the remote server and remote
    firewall being able to accommodate this connection).

    But I'd definitely use a policy of 'Block all unless
    explicity allowed' in the firewall. Without this
    ruling it's to easy for Malware or Misguided/Malicious
    users to open up a service on your network leaving you
    wide open.

    > Hi everyone,
    > I have to avoid users using P2P softs like Kazaa on
    a
    > network. I wanted
    > to close ports like 1214 but I red that theses softs
    can also use
    > dynamic ports. One solution could be to close every
    port that are not
    > used by "legal" application but for example, ftp is
    legal and use
    > dynamic port too for data...
    > Does anyone have a solution?? (Software or anything
    else)
    > Thanks in advance!!
    >

    __________________________________________________
    Yahoo! Plus
    For a better Internet experience
    http://www.yahoo.co.uk/btoffer

    -------------------------------------------------------------------
    Is SPAM over-loading your e-mail server, disk space or bandwidth?
    SurfControl E-Mail Filter is flexible, intelligent and policy-driven
    protection.
    http://www.securityfocus.com/SurfControl-security-basics2
    Download your free fully functional trial, complete with 30-days of free technical support.
    Stop SPAM before it stops you.
    -------------------------------------------------------------------

  • Next message: Gregory.Kane@hood-ctsfmail.army.mil: "re: Internet E-mail monitoring/approval"

    Relevant Pages

    • Re: Activesync / Airsync - Alternative Ports
      ... Setup a reverse HTTP proxy. ... Another idea is to use the PPTP capabilities of a Windows Server to allow ... Satellite - Cisco Firewall - Exchange Server ... So on the server side you would configure the port 80 to redirect to ...
      (microsoft.public.pocketpc.activesync)
    • Re: Activesync / Airsync - Alternative Ports
      ... "Chris De Herrera" wrote: ... Another idea is to use the PPTP capabilities of a Windows Server to allow ... Satellite - Cisco Firewall - Exchange Server ... So on the server side you would configure the port 80 to redirect to 8888 ...
      (microsoft.public.pocketpc.activesync)
    • Re: keeping ports open
      ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ...
      (microsoft.public.security)
    • Re: How to Maintain an IIS Server?
      ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
      (microsoft.public.inetserver.iis.security)
    • Re: CEICW fails at firewall config
      ... ISA Server prevents connection to a remote desktop when you connect through ... Remote Web Workplace on a Windows Small Business Server 2003-based computer ... Acceleration Server as a firewall. ... connection uses TCP port 4125. ...
      (microsoft.public.windows.server.sbs)