Block P2P

Lor3nzo I think this firewall he's using is more of a Business class one than a home user/broadband router... :D

The logs on linksys routers are defaulted to off.

As a thought you could block access outgoing to all high ports >1024. This will cause some problems with other applications but you can allow those on a case by case basis. We only allow certain ports. It doesn't make our Realplayer and AOL Instant Messenger junkies happy but the price you pay.

Our router is high end Cisco 3640 but thanks anyway on the linksys info. (BTW Lor3nzo, leaving the default pw, not advised.) I will check into viewing the logs, thanks.

Now that we are on the subject of Linksys routers (not wireless). How is the security on those. Im thinking about getting one for home but want to know how secure you guys think it is. From what I can tell it just uses basic NAT.

WinMX uses TCP port 6699 and UDP port 6257. It won't run if the're blocked.

Those might be the standard ports, but they are user configurable, making the system admin's job a little harder.

Not only are the ports user configurable in WinMX but Kazaa looks like it uses random ports to download. I blocked port 1214, on both the outside and inside interface of the FW but users still could download files. When I do a "netstat -n" as I connect to download a file, I get different port numbers that that the prog is connecting to. This is getting me really PISSSED...... I need a break.

I was reading this quickly and maybe I missed something, but what is wrong with just uninstalling the P2P apps on the machines? If you are the sys. admin, network manager, etc, you should have rights to do this - why let the users even have the programs if you are going to block the access. Go to the source of the problem and uninstall the apps. If they install them right back, refer to your security policy for the company you work for to take the proper actions.