Block P2P
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Block P2P

  1. #1
    Member
    Join Date
    Jan 2002
    Posts
    61

    Block P2P

    I was wondering how I could block P2P programs such as Kazaa and Morpheus on a PIX 515r. I know that they connect initially on port 1214 and others use port 6346. Is blocking those ports enough? Also, what is the syntax of the statement to do this?

    Thanks a lot.

  2. #2
    Senior Member
    Join Date
    Sep 2002
    Posts
    236
    As far as I know if you don't have Kaaza or Morpheus you shouldn't have to worry about blocking them... If you do have them and don't want them to have any access then you should just take them off of the machine.. If you want to keep them I would sugest configuring your firewall to block their access...
    \"Nuts!\"- Commanding General 101st Airborne Division Dec 1944 in answer to German request that he surrender Bastogne during the Battle of the Bulge
    Life has a certian flavor for those who have fought and risked it all that the sheltered and protected can never experience.- John Stewart Mill
    White, Hetrosexual, Christian male. I own guns, hunt, eat meat, burn wood, and my wife wears fur... Any questions?

  3. #3
    Member
    Join Date
    Jan 2002
    Posts
    61
    Maybe, the wording of my question is throwing you off a bit. I want to block internal users that have kazaa and other P2P programs on their computers from connecting to those programs. The point at which I have choosen to block them is at the firewall level (PIX 515r). I know these programs connect using port 1214 and others use 6346. Is just blocking those ports enough to stop the P2P traffic or are further steps required. Also, what is the syntax to add these lines in the FW.

    Sorry for the confusion

  4. #4
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    What FW are you using?

    Best way to test this is to install these apps on your machine. Block those ports that they use, and then try to log on. If you can't log on, then you've got it. If you can, then take a look at the log files to see where and how these apps are getting through your FW. Block those points of entry, and then try to log on again.
    You might want to take a look at blocking these apps' logon servers as it may prove a more feasible solution.

  5. #5
    Senior Member
    Join Date
    Dec 2001
    Posts
    304
    I believe he said he was using PIX 515r wich is Cisco I believe
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Some firewalls allow you to not let certain programs connect to the internet or even run. You should look for firewalls (namely ZoneAlarm, although I don't like it) that do that sort of thing. I hope I helped, and if I didn't than explain a little better.
    Space For Rent.. =]

  7. #7
    Member
    Join Date
    Jan 2002
    Posts
    61
    It is a Cisco 515r PIX FW that we are currently using. I added 6 lines:

    access-list acl_in deny tcp any any eq 1214
    access-list acl_in deny udp any any eq 1214
    access-list acl_in deny tcp any any eq 6346
    access-list acl_in deny udp any any eq 6346
    access-list acl_in permit ip any any

    access-group acl_in in interface inside

    This worked blocking users access to Kazaa and Morpheus. However within another popular P2P program, "WINMX", you have the abilty to change the tcp & udp ports that the program is using to connect. I am currently looking into ways to block that one.


    Sgt_B, you said, "If you can, then take a look at the log files to see where and how these apps are getting through your FW". It seems like you are talking about log files on the FW. Could you or someone else explain a little more about that. I have never viewed FW log file. Does it log all incoming and outgoing connections? How do I view it?

    Thanks again guys

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    I wish I could help there, but I've never used PIX so I can't tell you how really. Trust me though, find out how to view your log files. They are invaluable!
    What you can do, especially with this winmx app, is install the offending program on your machine. Then connect to the service. Take a look at your firewall log to see what port the service went out on, and where is the first place it went. The first place is usually a logon server of some sort. I've found that the easiest way to block programs that can change their outbound port is to block all access to the logon server.
    Ready for the next problem? Most services have multiple logon servers (Yahoo messenger has over 80) The trick is finding them. Ususally the app will try a logon server, and if it is blocked, it may try to go to the next one in its list. Keep an eye on the log files, and find out where its going.
    First thing's first though. Find out how to view your log files. Do some digging on google, and if all else fails, start a new post here. I'm sure there's plenty of people who use PIX, and I'm sure they'd be glad to help as well.


  9. #9
    Maby you should connect to the ip of your router,
    in some cases it will ask for a username and pass
    just leave the user blank
    and the pass should be admin
    possibly there you could find your logs.
    (this is just what i know to do using a linksys router)

  10. #10
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    Lorenzo - Not having a username and password is a bad idea. Leaving the default username and password is even worse. You might want to correct this on your linksys

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •