Home page logo
/

basics logo Security Basics mailing list archives

Re: What addresses to put on my NEW black list?
From: nodialtone <nodialtone () comcast net>
Date: 22 Feb 2006 21:04:41 -0500

On Wed, 2006-02-22 at 19:10, Ryan Cummings wrote:
You might be much better off blocking the ports that
filesharing/streaming media come in on.  You should be able to do a
bit of searching around and find the default ports for most of these
applications and shut them down at the firewall level.  Also depending
on your firewall or even IDS (this is debatable on the use:P) you
could filter the content there.

I know searching around on shoutcast.com most of the streaming
stations use 8000+ for a port number so that is a good start.

On 2/22/06, phunked up! <phunkodelic () gmail com> wrote:
Trying to create a blacklist for my network.  Want to include
addresses for mainly streaming audio, and file shareing.  I have a
couple of network abusers who listen to internet radio that just don't
follow company policy which has banned it.  Yes I know I should try
and bust them but thats a pain in the butt and besides if I do that I
don't get the joy or experience of doing this.

First off I was going to deny the addresses of various "bad"
severs/web sites on the net at my firewall.  I was then going to
create a DNS entry that points all restriced IPs to a internal web
server that would host a page stating that the site is banned
(blackholing IPs).

As mentioned above the issue I have is finding the IP addresses to
ban.  Any help would be appreciated.

Thanks!

Hmm.  Yeah I missed the file sharing part of this discusison as the
target seemed to be more toward the music and streaming audiences in the
company.

But I certainly agree, the port and protocols are well documented for
most p2p (TCP) file sharing apps as well as the streaming (UDP) sites.

Again, diligent monitoring of your network goings ons would help guide
you I think.

-- 
-nodialtone
http://www.iatechconsultng.com

Attachment: signature.asc
Description: This is a digitally signed message part


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]