Solved

Block BT / Web Radio port

Posted on 2006-11-23
Last Modified: 2012-08-13
I want to apply a rule to block / deny BT / eMule / all internet radio traffic on my firewall. Please advise which range or network port is used for the related services.

Thanks
ITITITITITI
Question by:itjackiewong
 
LVL 9

Accepted Solution

by:
olifarago earned 39 total points
ID: 18001926
Hi itjackiewong,

Many programs such as BT have the ability to search out free ports so although they have default ports if they are blocked they will dynamically change.

Unless you have a reason not to, perhaps consider running your firewall with a list of accepted services not denied, i.e. block everything and just allow port 80 for web, 21 for ftp, etc.  This way you will have complete control over what services are permitted.

Hope this helps,
Oli
0
 
LVL 8

Assisted Solution

by:charan_jeetsingh
charan_jeetsingh earned 37 total points
ID: 18002971
That's true, and most firewalls have deny all by default, and only the necessary required ports are opened for communication. Anyway... which firewall are you using?
0
 

Author Comment

by:itjackiewong
ID: 18003517
I use a WatchGuard FB1100. If I block all by default, how can I allow Skype? Skype is the IM my office officially allows.

Thx
ITITITI
0
 
LVL 9

Expert Comment

by:olifarago
ID: 18003537
Hi,

The following article on Skype's website explains the port requirements for Skype use.

http://www.skype.com/help/guides/firewall.html

Regards,
Oli
0
 
LVL 10

Assisted Solution

by:budchawla
budchawla earned 37 total points
ID: 18015079
Hi itjackiewong,

The problem, as Oli mentioned, is that blocking ports is not enough for most apps these days... they are quite good at circumventing SPI firewalls, and can even go over HTTP, which is impossible to block if you want web access.

The solution needs to be a bit more clever than an SPI firewall, needs deep packet inspection and needs to have signature lists that allow it to recognise what the traffic is, regardless of what port it's using. I'm not too sure about the Firebox 1100, but I know that any of the SonicWALLs with the IPS (intrusion prevention) service running will detect the services you mentioned (and a helluva lot more) and enable you to allow/block whichever services you want with a pretty good level of granularity. Would be worth finding out if the Firebox has a similar ability...

For example, a snippet of a signature list from a TZ170:

eMule -- Client Activity Over HTTP      
eMule -- Connection Attempt
eMule -- Connection Attempt (Compressed)
eMule -- Connection Attempt (eMule Plus)
eMule -- Custom Connection Attempt
eMule -- File Download Request
eMule -- File Search (eMule Plus)
eMule -- Known Servers
eMule -- Outbound Server List Request
eMule -- Outbound Server List Request
eMule -- Partial File Receive
eMule -- Partial File Send
eMule -- Partial File Transfer Request
eMule -- Transfer Slot Request
eMule -- User Search
eMule -- User Search_2

and for multimedia traffic:

AOL browser login
AOL Radio -- Connection Attempt
Audio Galaxy -- Keepalive Activity
Icecast -- Playlist Redirection
Icecast -- Streaming Content Delivery
iTunes -- Client Activity
Multimedia Download
Musicmatch -- Connection Attempt
Musicmatch -- Connection Attempt (Jukebox Radio)
Quicktime -- Client Activity
RealMedia -- Client Activity (RMAgent)
SHOUTcast -- Generic Network Traffic
Shoutcast -- Playlist Redirection
Video Download
WinAmp -- Client Activity
WinAmp -- Client Activity
Windows Media -- Audio Download
Windows Media -- Real Time Streaming Connection
Windows Media -- WMServices 9.00 Delivery
XMMS -- Client Activity

HTH?
0
 
LVL 13

Assisted Solution

by:hstiles
hstiles earned 37 total points
ID: 18020209
The Gateway AV/IPS for the Firebox is very good at blocking P2P and IM traffic trying to get out over port 80.  Furthermore, the HTTP proxy and web blocker are very powerful.  Using simple port rules is simply not enough to secure outbound web traffic nowadays; you need something application aware rather than something that just operates at the transport layer and below.
0
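
An added illustration of the point made in the last two answers (not part of the original thread, and not how SonicWALL or WatchGuard implement their signatures): a port allow-list passes P2P and streaming traffic that moves to port 80, while matching on the first payload bytes still identifies it. All function names and sample flows are constructed, and the eDonkey check is a simplified heuristic.

```python
import struct

ALLOWED_PORTS = {80, 21}          # port-only policy: default deny, allow web and FTP
BLOCKED_APPS = {"bittorrent", "edonkey", "internet-radio"}
EDONKEY_MARKERS = (0xE3, 0xC5, 0xD4)  # eDonkey, eMule extension, compressed

def classify_payload(payload: bytes) -> str:
    """Label the first bytes of a TCP stream by content, ignoring the port."""
    # BitTorrent peer handshake: length byte 19, then the protocol string.
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    # SHOUTcast-style servers answer "ICY 200 OK" instead of an HTTP status line.
    if payload.startswith(b"ICY 200"):
        return "internet-radio"
    head = payload.partition(b"\r\n\r\n")[0].lower()
    if head.startswith(b"http/1.") and (b"\r\nicy-name:" in head
                                        or b"\r\ncontent-type: audio/" in head):
        return "internet-radio"
    # eDonkey/eMule framing: marker byte, 4-byte little-endian length, opcode.
    # Heuristic only: the length must be plausible and an opcode byte must follow.
    if len(payload) >= 6 and payload[0] in EDONKEY_MARKERS:
        (length,) = struct.unpack_from("<I", payload, 1)
        if 0 < length < 0x200000:
            return "edonkey"
    return "unknown"

def port_only_verdict(server_port: int) -> str:
    return "allow" if server_port in ALLOWED_PORTS else "block"

def inspected_verdict(server_port: int, payload: bytes) -> str:
    """Port rule first, then content: an allowed port does not imply allowed traffic."""
    if port_only_verdict(server_port) == "block":
        return "block"
    return "block" if classify_payload(payload) in BLOCKED_APPS else "allow"

# Constructed sample flows: (server port, first payload bytes seen on the stream).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    (80, b"\x13BitTorrent protocol" + bytes(48)),
    (80, b"ICY 200 OK\r\nicy-name: Constructed Station\r\n\r\n"),
    (80, b"HTTP/1.0 200 OK\r\nContent-Type: audio/mpeg\r\n\r\n"),
    (80, b"\xe3" + struct.pack("<I", 3) + b"\x01\x10\x00"),
    (6881, b"\x13BitTorrent protocol" + bytes(48)),
]

if __name__ == "__main__":
    for port, data in SAMPLE_FLOWS:
        print(port, port_only_verdict(port), classify_payload(data),
              inspected_verdict(port, data))
```

Prefix matching like this only sees cleartext handshakes; obfuscated or encrypted variants are why the answers point to a vendor-maintained signature service or an application proxy rather than hand-written rules.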
