Solved

File Sharing and P2P Ports

Posted on 2003-11-14
4
726 Views
Last Modified: 2013-11-21
Does anyone have a list of them? I would like to block them. Thanks
0
Comment
Question by:drgh0st
4 Comments
 
LVL 6

Expert Comment

by:rj-smith
Comment Utility
No list, but I think each P2P network uses a different port.

The ones I do know are as follows:

GNUtella - 6346 to 6348
KaZaA - 1214

If your firewall's capable, it might be a better idea to log all traffic for a while to see what's used and then block everything else. After that, analyse your list and see what else can be discarded.

Hope that helps.
0
 
LVL 18

Accepted Solution

by:
chicagoan earned 25 total points
Comment Utility
It's a slippery slope!

If you have cisco gear, take a look at NBAR

otherwise you'll have to work you way through each service:

example: kaaza - reverse ip lookup gives you kaaza's addresses: Start with blocking 212.100.253.45 212.100.253.44 and find the common commonlly used port(s):  http://www.seifried.org/security/ports/1000/1214.html

here's a commonly used list:
 412
1214
4661
 4662
4663
 4664
 4665
 6346
 6347
 6881
 6882
6883
 6884
 6885
6886

.. easily be defeated by people switching to non-default ports or UDP based protocols, some like WINMX don't need the ports open on both sides, some hide as http...

The first thing to do is WRITE A POLICY! advertise your policy, watch your bandwidth hogs, scan for Mp3's and P2P software on machines, do port scans for rogue servers... and hammer a couple of people - get HR to get them on the carpet - the word will get out.

There are a lot of products coming on line to combat the legal implications and bandwidth drain like
http://www.lowth.com/p2pwall/ftwall/

and scores of others, but watching traffic and communicating with employees is very effective
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now