On Tue, Mar 25, 2003 at 09:27:16PM +0000, paulc@xxxxxxxxxxx wrote: > The way I block Kazaa (and the other file sharing applications) is a > blanket ban on all ports by default. I then open the ports as I think is > appropriate at the firewall. These only include the port 23 for anyone > wishing to use telnet. All web and ftp style ports on 80, 21 and the like > are handled by a web-proxy to prevent using them for other purposes. All > incoming connects (and lots of ICMP messages) are dropped by the firewall > also. In my personal experience, that still allows kazaa clients to download files. Uploads are prevented, and that's a good thing if you're committed to stopping p2p traffic. However it's only half a solution. The reality is, fighting p2p traffic is a losing battle. I suspect that's one of those things that will have to be addressed by corporate policy/enforcement and with host-based restrictions (don't let users install software on their own boxes). Kelly -- Kelly Setzer, System Administrator/Architect - Placemark Investments 14180 Dallas Pkwy, Suite 200, Dallas, TX 75240 kelly.setzer@xxxxxxxxxxxxx http://www.placemark.com (972)404-8100x41 (work) (214) 287-3464 (cell)
