Solved

Block BT / Web Radio port

Posted on 2006-11-23
8
2,112 Views
Last Modified: 2012-08-13
I want apply rule to block / denied BT / Emule/ all internet radio traffic to my firewall, pls advice wich range or network port for related services.

Thanks
ITITITITITI
0
Comment
Question by:itjackiewong
8 Comments
 
LVL 9

Accepted Solution

by:
olifarago earned 39 total points
ID: 18001926
Hi itjackiewong,

Many programs such as BT have the ability to search out free ports so although they have default ports if they are blocked they will dynamically change.

Unless you have a reason not to, perhaps consider running your firewall with a list of accepted services not denied, i.e. block everything and just allow port 80 for web, 21 for ftp, etc.  This way you will have complete control over what services are permitted.

Hope this helps,
Oli
0
 
LVL 8

Assisted Solution

by:charan_jeetsingh
charan_jeetsingh earned 37 total points
ID: 18002971
thats true, and most of the firewalls have deny all by default and only the necessary required ports are opened for communication. anyways... which firewall are u using?
0
 

Author Comment

by:itjackiewong
ID: 18003517
I used Watchguard FB1100. If block all be default , how can allow skype , because the skype is my office offical allow using IM.

Thx
ITITITI
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 9

Expert Comment

by:olifarago
ID: 18003537
Hi,

The following article on Skype's website explains the port requirements for Skype use.

http://www.skype.com/help/guides/firewall.html

Regards,
Oli
0
 
LVL 10

Assisted Solution

by:budchawla
budchawla earned 37 total points
ID: 18015079
Hi itjackiewong,

The problema, as Oli mentioned is that blocking ports is not enough for most apps these days... they are quite good at circumventing SPI firewalls, and can even go over HTTP, which is impossible to block if you want web access.

The solution needs to be a bit more clever than an SPI firewall, needs deep packet inspection and needs to have signature lists that allow it to recognise what the traffic is, regardless of what port its using. I'm not too sure about the firebox 1100, but I know that any of the SonicWALLs with the IPS (intrusion prevention) service running will detect the services you mentioned (and a helluva lot more) and enable you to allow/block whichever services you want with a pretty good level of granularity. Would be worth finding out if the firebox has a similar ability...

For example, a snippet of a signature list from a TZ170:

eMule -- Client Activity Over HTTP      
eMule -- Connection Attempt
eMule -- Connection Attempt (Compressed)
eMule -- Connection Attempt (eMule Plus)
eMule -- Custom Connection Attempt
eMule -- File Download Request
eMule -- File Search (eMule Plus)
eMule -- Known Servers
eMule -- Outbound Server List Request
eMule -- Outbound Server List Request
eMule -- Partial File Receive
eMule -- Partial File Send
eMule -- Partial File Transfer Request
eMule -- Transfer Slot Request
eMule -- User Search
eMule -- User Search_2

and for multimedia traffic:

AOL browser login
AOL Radio -- Connection Attempt
Audio Galaxy -- Keepalive Activity
Icecast -- Playlist Redirection
Icecast -- Streaming Content Delivery
iTunes -- Client Activity
Multimedia Download
Musicmatch -- Connection Attempt
Musicmatch -- Connection Attempt (Jukebox Radio)
Quicktime -- Client Activity
RealMedia -- Client Activity (RMAgent)
SHOUTcast -- Generic Network Traffic
Shoutcast -- Playlist Redirection
Video Download
WinAmp -- Client Activity
WinAmp -- Client Activity
Windows Media -- Audio Download
Windows Media -- Real Time Streaming Connection
Windows Media -- WMServices 9.00 Delivery
XMMS -- Client Activity

HTH?
0
 
LVL 13

Assisted Solution

by:hstiles
hstiles earned 37 total points
ID: 18020209
The Gaveway AV/IPS for the Firebox is very good at blocking P2P and IM traffic trying to get out over port 80.  Furthermore, the HTTP proxy and web blocker are very powerful.  Using simple port rules is simply not enough to secure outbound web traffic nowadays, you need something application aware rather than something that just operates at the transport layer and below.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now