Solved

Block BT / Web Radio port

Posted on 2006-11-23
Last Modified: 2012-08-13
I want to apply a rule to block/deny BT, eMule and all internet radio traffic on my firewall. Please advise which range or network port is used for the related services.

Thanks
ITITITITITI
0
Question by:itjackiewong
8 Comments
 
LVL 9

Accepted Solution

by:
olifarago earned 39 total points
ID: 18001926
Hi itjackiewong,

Many programs such as BT have the ability to search out free ports, so although they have default ports, if they are blocked they will dynamically change.

Unless you have a reason not to, perhaps consider running your firewall with a list of accepted services not denied, i.e. block everything and just allow port 80 for web, 21 for ftp, etc.  This way you will have complete control over what services are permitted.

Hope this helps,
Oli
0
 
LVL 8

Assisted Solution

by:charan_jeetsingh
charan_jeetsingh earned 37 total points
ID: 18002971
That's true, and most firewalls have deny-all by default, and only the necessary required ports are opened for communication. Anyway... which firewall are you using?
0
 

Author Comment

by:itjackiewong
ID: 18003517
I used a WatchGuard FB1100. If I block all by default, how can I allow Skype, because Skype is the IM my office officially allows?

Thx
ITITITI
0

 
LVL 9

Expert Comment

by:olifarago
ID: 18003537
Hi,

The following article on Skype's website explains the port requirements for Skype use.

http://www.skype.com/help/guides/firewall.html

Regards,
Oli
0
 
LVL 10

Assisted Solution

by:budchawla
budchawla earned 37 total points
ID: 18015079
Hi itjackiewong,

The problem, as Oli mentioned, is that blocking ports is not enough for most apps these days... they are quite good at circumventing SPI firewalls, and can even go over HTTP, which is impossible to block if you want web access.

The solution needs to be a bit more clever than an SPI firewall: it needs deep packet inspection and needs to have signature lists that allow it to recognise what the traffic is, regardless of what port it's using. I'm not too sure about the Firebox 1100, but I know that any of the SonicWALLs with the IPS (intrusion prevention) service running will detect the services you mentioned (and a helluva lot more) and enable you to allow/block whichever services you want with a pretty good level of granularity. Would be worth finding out if the Firebox has a similar ability...

For example, a snippet of a signature list from a TZ170:

eMule -- Client Activity Over HTTP      
eMule -- Connection Attempt
eMule -- Connection Attempt (Compressed)
eMule -- Connection Attempt (eMule Plus)
eMule -- Custom Connection Attempt
eMule -- File Download Request
eMule -- File Search (eMule Plus)
eMule -- Known Servers
eMule -- Outbound Server List Request
eMule -- Outbound Server List Request
eMule -- Partial File Receive
eMule -- Partial File Send
eMule -- Partial File Transfer Request
eMule -- Transfer Slot Request
eMule -- User Search
eMule -- User Search_2

and for multimedia traffic:

AOL browser login
AOL Radio -- Connection Attempt
Audio Galaxy -- Keepalive Activity
Icecast -- Playlist Redirection
Icecast -- Streaming Content Delivery
iTunes -- Client Activity
Multimedia Download
Musicmatch -- Connection Attempt
Musicmatch -- Connection Attempt (Jukebox Radio)
Quicktime -- Client Activity
RealMedia -- Client Activity (RMAgent)
SHOUTcast -- Generic Network Traffic
Shoutcast -- Playlist Redirection
Video Download
WinAmp -- Client Activity
WinAmp -- Client Activity
Windows Media -- Audio Download
Windows Media -- Real Time Streaming Connection
Windows Media -- WMServices 9.00 Delivery
XMMS -- Client Activity

HTH?
0
 
LVL 13

Assisted Solution

by:hstiles
hstiles earned 37 total points
ID: 18020209
The Gateway AV/IPS for the Firebox is very good at blocking P2P and IM traffic trying to get out over port 80. Furthermore, the HTTP proxy and web blocker are very powerful. Using simple port rules is simply not enough to secure outbound web traffic nowadays; you need something application-aware rather than something that just operates at the transport layer and below.
0
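
An added illustration, not part of the original thread, of the point the answers above make: a default-deny port allow-list stops BT on its usual port but not once it moves to port 80, while a check on the payload does. The sample flows, the two prefix signatures and all function names are constructed for this example; they are not SonicWALL or WatchGuard rules.

```python
# Added example: constructed flows, not captured traffic or vendor signatures.
ALLOWED_TCP_PORTS = {80, 21}  # allow-list from the accepted answer (web, FTP)

# Payload prefixes that identify a protocol regardless of the port in use.
SIGNATURES = [
    ("BitTorrent handshake", b"\x13BitTorrent protocol"),
    ("SHOUTcast stream response", b"ICY 200 OK"),
]

def port_only_verdict(server_port):
    """Port filter with default deny: allow only ports on the allow-list."""
    return "allow" if server_port in ALLOWED_TCP_PORTS else "deny"

def classify_payload(payload):
    """Return the name of the first signature the payload starts with, or None."""
    for name, prefix in SIGNATURES:
        if payload.startswith(prefix):
            return name
    return None

def app_aware_verdict(server_port, payload):
    """Default deny on ports, then deny recognised applications on allowed ports."""
    if port_only_verdict(server_port) == "deny":
        return "deny", "port not on allow-list"
    app = classify_payload(payload)
    if app is not None:
        return "deny", app
    return "allow", "no signature matched"

# Constructed flows: (description, server port, first payload bytes observed).
# 6881 is the commonly used BitTorrent default port (assumption, not from the thread).
FLOWS = [
    ("web request", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("BT on default port", 6881, b"\x13BitTorrent protocol" + bytes(8)),
    ("BT moved to port 80", 80, b"\x13BitTorrent protocol" + bytes(8)),
    ("radio stream reply", 80, b"ICY 200 OK\r\nicy-name: demo\r\n\r\n"),
]

def compare(flows):
    """Return (description, port-only verdict, app-aware verdict) for each flow."""
    return [(desc, port_only_verdict(port), app_aware_verdict(port, data)[0])
            for desc, port, data in flows]

if __name__ == "__main__":
    for row in compare(FLOWS):
        print("%-22s port-only=%-5s app-aware=%s" % row)
```

Prefix matching is a simplification: encrypted or obfuscated client traffic will not match fixed byte strings, which is one reason commercial IPS signature sets are far larger than this.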
