Security Basics mailing list archives

RE: pb with P2P...


From: Joseph Mears <joseph.mears () syntax co uk>
Date: Thu, 10 Apr 2003 10:21:38 +0100

Hi,

1) If you close 1214 as a destination port, this should not affect dynamic
source port connectivity. Just don't block source ports...if you're unsure
of what I'm talking about, read Cisco's CCNA courseware book - This text
really helped me to understand the basics of how application protocols such
as FTP actually work over TCP. Recommended.

Most modern firewalls (a la Check Point) will allow you to open up 21 as a
destination port for FTP clients and as long as they are using a PASV
connection... 

(Port numbers for FTP data connections are usually established by the FTP
client binding to a random local port and then notifying the FTP server of
the port number obtained. In contrast, with PASV (passive) connections, it
is the server that binds to a port and then notifies the client of the port
number) 

...will then dynamically allow traffic to the requested port on the server
side, thus allowing you to block all ports other than 21 and associated
connections. Remember that the associated connections are only allowed
through after initiation from the client on 21 and will be subject to a TCP
state timeout (a la state table). Most will support normal or PORT FTP
connections, but this is insecure (server-side initiation of the data connection)
and is not always supported on FTP servers from around our beautiful planet.

http://www.faqs.org/rfcs/rfc1579.html
http://www.ietf.org/rfc/rfc959.txt

Joe
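The PASV/PORT behaviour Joe describes is exactly what an FTP-aware stateful firewall has to reconstruct from the control channel: it watches port 21, decodes the address and port announced in a `227` reply (PASV) or a `PORT` command (active), and opens a short-lived pinhole for that one data connection. The following is an added example, not code from the thread or from any firewall product; the control-channel lines, addresses and the 60-second timeout are constructed for illustration, and the rule that the announced address must match the control-channel peer is an assumed policy.

```python
"""
Added example (not from the mailing-list thread): how an FTP-aware stateful
firewall derives the dynamic data-connection pinhole from the control channel.
PASV: the server announces the port, so the client connects TO the server.
PORT: the client announces the port, so the server connects BACK to the client
(the "insecure" direction the reply mentions, since the inside host must now
accept an inbound connection).
"""
import re
from dataclasses import dataclass

# RFC 959 encodes host and port as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")


@dataclass(frozen=True)
class Pinhole:
    src_ip: str        # who is allowed to initiate the data connection
    dst_ip: str
    dst_port: int
    mode: str          # "PASV" or "PORT"
    expires_at: int    # seconds; mimics a state-table timeout


def decode_hostport(parts):
    """Turn the six RFC 959 byte fields into ('a.b.c.d', port)."""
    h1, h2, h3, h4, p1, p2 = (int(x) for x in parts)
    if any(v > 255 for v in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("field out of range")
    port = p1 * 256 + p2
    if port == 0:
        raise ValueError("port 0 is not usable")
    return f"{h1}.{h2}.{h3}.{h4}", port


def ftp_pinholes(control_lines, client_ip, server_ip, now=0, timeout=60):
    """control_lines: list of (direction, line), direction 'C>S' or 'S>C'.

    Returns the pinholes a stateful firewall would open. Assumed policy: the
    announced address must equal the control-channel peer, otherwise no
    pinhole is opened (the firewall never lets one side steer traffic to a
    third host)."""
    holes = []
    for direction, line in control_lines:
        if direction == "S>C":
            m = PASV_RE.match(line)
            if not m:
                continue
            ip, port = decode_hostport(m.groups())
            if ip != server_ip:
                continue
            # Passive: client -> server:port, initiated from the inside.
            holes.append(Pinhole(client_ip, ip, port, "PASV", now + timeout))
        elif direction == "C>S":
            m = PORT_RE.match(line)
            if not m:
                continue
            ip, port = decode_hostport(m.groups())
            if ip != client_ip:
                continue
            # Active: server -> client:port, initiated from the outside.
            holes.append(Pinhole(server_ip, ip, port, "PORT", now + timeout))
    return holes


def active_pinholes(holes, now):
    """Drop pinholes whose state-table timeout has passed."""
    return [h for h in holes if h.expires_at > now]


# Constructed control-channel trace (not a real capture).
SAMPLE = [
    ("C>S", "USER anonymous"),
    ("S>C", "331 Please specify the password."),
    ("C>S", "PASS guest@"),
    ("S>C", "230 Login successful."),
    ("C>S", "PASV"),
    ("S>C", "227 Entering Passive Mode (203,0,113,10,195,80)."),   # port 50000
    ("C>S", "LIST"),
    ("C>S", "PORT 192,0,2,25,4,1"),                                # port 1025
    ("S>C", "200 PORT command successful."),
    ("C>S", "PORT 198,51,100,7,0,80"),   # third-party address: no pinhole
]

if __name__ == "__main__":
    for h in ftp_pinholes(SAMPLE, "192.0.2.25", "203.0.113.10", now=100):
        print(h)
```

Running the module prints two pinholes: a PASV one letting the client reach 203.0.113.10:50000, and a PORT one letting the server reach 192.0.2.25:1025; the last `PORT` line announces an address that is not the client, so it opens nothing. Both entries disappear once the simulated timeout has elapsed, which is the state-table behaviour the reply refers to.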

-----Original Message-----
From: dessrezo [mailto:dessrezo () noos fr] 
Sent: Wednesday, April 09, 2003 8:44 AM
To: Security-Basics@Securityfocus. Com
Subject: pb with P2P...


Hi everyone,
I have to stop users using P2P software like Kazaa on a network. I wanted to
close ports like 1214, but I read that this software can also use dynamic
ports. One solution could be to close every port that is not used by a
"legal" application, but for example FTP is legal and uses dynamic ports too
for data...
Does anyone have a solution?? (Software or anything else) Thanks in
advance!!



-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection. http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free
technical support. Stop SPAM before it stops you.
-------------------------------------------------------------------


________________________________________________ 
 
This communication contains information which is 
confidential. It is for the exclusive use of the intended 
recipient(s). If you are not the intended recipient(s) 
please note that any distribution,copying or use of 
this communication or the information in it is strictly 
prohibited.

If you have received this communication in error 
please notify us by email (email.admin () syntax co uk) 
or by telephone (+44-20-7307-5000) and then delete 
the e-mail and any copies of it.

This communication is from Syntax Integration Limited.

Syntax Integration Limited does not accept any legal 
responsibility for the accuracy or otherwise of any 
information contained within or attached to this e-mail. 
Any views or opinions presented are solely those of 
the author and do not necessarily represent those of 
Syntax Integration Limited.

