On Tue, 2003-03-25 at 23:27, paulc@xxxxxxxxxxx wrote:
> The way I block Kazaa (and the other file sharing applications) is a
> blanket ban on all ports by default. I then open the ports as I think is
> appropriate at the firewall. These only include the port 23 for anyone
> wishing to use telnet. All web and ftp style ports on 80, 21 and the like
> are handled by a web-proxy to prevent using them for other purposes. All
> incoming connects (and lots of ICMP messages) are dropped by the firewall also.
>
How do you get passive ftp to work and not allow file sharing networks?
The firewall machine itself has full access to the internet, and all the Windows PC's use a web proxy to accept all web and ftp servers, so the firewall machine fetches the file, and passes it on. Therefore the only file sharing networks that will work are those that act as a web or ftp server on the standard ports.
