• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2169
  • Last Modified:

Block BT / Web Radio port

I want apply rule to block / denied BT / Emule/ all internet radio traffic to my firewall, pls advice wich range or network port for related services.

Thanks
ITITITITITI
0
itjackiewong
Asked:
itjackiewong
4 Solutions
 
olifaragoCommented:
Hi itjackiewong,

Many programs such as BT have the ability to search out free ports so although they have default ports if they are blocked they will dynamically change.

Unless you have a reason not to, perhaps consider running your firewall with a list of accepted services not denied, i.e. block everything and just allow port 80 for web, 21 for ftp, etc.  This way you will have complete control over what services are permitted.

Hope this helps,
Oli
0
 
charan_jeetsinghCommented:
thats true, and most of the firewalls have deny all by default and only the necessary required ports are opened for communication. anyways... which firewall are u using?
0
 
itjackiewongAuthor Commented:
I used Watchguard FB1100. If block all be default , how can allow skype , because the skype is my office offical allow using IM.

Thx
ITITITI
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
olifaragoCommented:
Hi,

The following article on Skype's website explains the port requirements for Skype use.

http://www.skype.com/help/guides/firewall.html

Regards,
Oli
0
 
budchawlaCommented:
Hi itjackiewong,

The problema, as Oli mentioned is that blocking ports is not enough for most apps these days... they are quite good at circumventing SPI firewalls, and can even go over HTTP, which is impossible to block if you want web access.

The solution needs to be a bit more clever than an SPI firewall, needs deep packet inspection and needs to have signature lists that allow it to recognise what the traffic is, regardless of what port its using. I'm not too sure about the firebox 1100, but I know that any of the SonicWALLs with the IPS (intrusion prevention) service running will detect the services you mentioned (and a helluva lot more) and enable you to allow/block whichever services you want with a pretty good level of granularity. Would be worth finding out if the firebox has a similar ability...

For example, a snippet of a signature list from a TZ170:

eMule -- Client Activity Over HTTP      
eMule -- Connection Attempt
eMule -- Connection Attempt (Compressed)
eMule -- Connection Attempt (eMule Plus)
eMule -- Custom Connection Attempt
eMule -- File Download Request
eMule -- File Search (eMule Plus)
eMule -- Known Servers
eMule -- Outbound Server List Request
eMule -- Outbound Server List Request
eMule -- Partial File Receive
eMule -- Partial File Send
eMule -- Partial File Transfer Request
eMule -- Transfer Slot Request
eMule -- User Search
eMule -- User Search_2

and for multimedia traffic:

AOL browser login
AOL Radio -- Connection Attempt
Audio Galaxy -- Keepalive Activity
Icecast -- Playlist Redirection
Icecast -- Streaming Content Delivery
iTunes -- Client Activity
Multimedia Download
Musicmatch -- Connection Attempt
Musicmatch -- Connection Attempt (Jukebox Radio)
Quicktime -- Client Activity
RealMedia -- Client Activity (RMAgent)
SHOUTcast -- Generic Network Traffic
Shoutcast -- Playlist Redirection
Video Download
WinAmp -- Client Activity
WinAmp -- Client Activity
Windows Media -- Audio Download
Windows Media -- Real Time Streaming Connection
Windows Media -- WMServices 9.00 Delivery
XMMS -- Client Activity

HTH?
0
 
hstilesCommented:
The Gaveway AV/IPS for the Firebox is very good at blocking P2P and IM traffic trying to get out over port 80.  Furthermore, the HTTP proxy and web blocker are very powerful.  Using simple port rules is simply not enough to secure outbound web traffic nowadays, you need something application aware rather than something that just operates at the transport layer and below.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now