Security Basics mailing list archives

RE: pb with P2P...


From: John Brightwell <brightwell_151 () yahoo co uk>
Date: Thu, 10 Apr 2003 18:09:22 +0100 (BST)

Many firewalls can understand the ftp protocol and
inspect the traffic to identify the appropriate data
port to open. Alternatively PASV ftp can be used which
changes the selection of the data port to the server
end (but this relies on the remote server and remote
firewall being able to accommodate this connection).

But I'd definitely use a policy of 'Block all unless
explicitly allowed' in the firewall. Without this
ruling it's too easy for Malware or Misguided/Malicious
users to open up a service on your network leaving you
wide open.

Hi everyone,
I have to avoid users using P2P software like Kazaa on a
network. I wanted to close ports like 1214 but I read that
this software can also use dynamic ports. One solution could
be to close every port that is not used by "legal"
applications but, for example, ftp is legal and uses dynamic
ports too for data...
Does anyone have a solution?? (Software or anything else)
Thanks in advance!!



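Added example, not part of the original message: a minimal sketch of the FTP inspection the reply describes, where a firewall reads the control channel, derives the data port from a PORT command or a 227 (PASV) reply, and opens only that pinhole under a default-deny policy. The function names, addresses and sample lines are constructed for illustration.

```python
import re

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2 (RFC 959 host-port encoding).
HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_hostport(text):
    """Return (ip, port) from an RFC 959 host-port string, or None if malformed."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def pinhole_for(line, client_ip, server_ip):
    """Inspect one control-channel line and return the (src, dst, dport) data
    connection to allow, or None. client_ip and server_ip are the endpoints
    of the tracked control connection."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb == "PORT":      # active mode: client tells the server where to connect
        opener, listener = server_ip, client_ip
    elif verb == "227":     # PASV reply: server tells the client where to connect
        opener, listener = client_ip, server_ip
    else:
        return None
    hp = parse_hostport(line)
    if hp is None:
        return None
    ip, port = hp
    # Accept only the control-channel peer's own address and an unprivileged
    # port, so the helper never opens a path to a third host or a system service.
    if ip != listener or port < 1024:
        return None
    return (opener, listener, port)

def allowed(pinholes, src, dst, dport):
    """Default deny: a connection passes only if a pinhole matches exactly."""
    return (src, dst, dport) in pinholes

# Constructed sample control-channel lines (not captured from a real session).
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
SAMPLE = [
    "USER anonymous",
    "PORT 192,0,2,10,195,80",                           # 195*256 + 80 = 50000
    "227 Entering Passive Mode (198,51,100,5,234,96)",  # 234*256 + 96 = 60000
    "PORT 10,0,0,99,0,22",                              # other host, port 22: refused
]
PINHOLES = {p for p in (pinhole_for(l, CLIENT, SERVER) for l in SAMPLE) if p}
```

With these pinholes, a connection from the client to port 1214 on any host matches nothing and is dropped, which is the 'block all unless explicitly allowed' behaviour.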

