Re: learning firewall

On Sat, 04 Sep 2004 at 23:34, Eric Ellis wrote:
> Jose Maria Lopez wrote:
> > On Fri, 03 Sep 2004 at 14:44, Miguel Angel Amador L wrote:
> > 
> >>Hi All,
> >> I have a question: which module must I install for P2P
> >>connections? (sorry for my English, it is very slow)
> >> Thanks a lot 
> >>
> >>Regards
> >> Miguel Amador L.
> >>
> > 
> > 
> > The ports I use to block P2P (or to allow them if you want) are:
> > 
> > KAZAA 1214/tcp
> > NAPSTER 8888/tcp 7777/tcp 8875/tcp
> > EDONKEY/EMULE 4662/tcp 4663/tcp
> > WINMX 6699/tcp
> > 
> > But keep in mind that some of these programs can use SOCKS proxies or
> > even standard ports like 80/tcp to send or receive traffic. It
> > can be a little tricky to stop them (easier to allow them: just open
> > these ports and they will run).
> > 
> > 
> I will be the first of many to say the following:
> 
> Don't allow everything and drop what you don't want to get in.  This is 
> bad form from a security standpoint, as there will almost always be new 
> things that use different ports.  Best practice is to drop everything, 
> and allow what you want through explicitly.  The initial set up might be 
> more difficult, and your rule list probably longer than the other way, 
> but in the end, your network security is what matters, and this practice 
> will help ensure that much better.

I totally agree with that. If you look at our project bastion-firewall
you should note that it always uses a deny policy and then opens the
ports you want. What I was referring to is that many people want
to allow P2P, and that allowing P2P is easier than blocking it, but
of course the default policy in any modern firewall should be to deny
all ports and then allow the traffic on some of them.


-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
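The policy both posters agree on (default DROP on every chain, then explicit ACCEPT rules for the traffic you want) written out as an iptables script, using the P2P ports listed earlier in the thread. This is an added example, not code from the thread or from bastion-firewall. The interface names, the LAN range, and the choice to allow these ports only for new outbound connections from the LAN are assumptions; to block P2P instead, simply omit the allow_p2p rules, since the default policy already drops them.

```shell
#!/bin/sh
# Added example (not from the thread or from bastion-firewall):
# a default-deny iptables ruleset that then explicitly allows the
# P2P ports listed in the thread for hosts on the LAN.
#
# With no arguments the script only prints the commands it would run
# (review them first, or use this without root). Pass --apply to
# execute them for real.
set -u

# TCP ports from the thread: KaZaA, Napster, eDonkey/eMule, WinMX.
P2P_TCP_PORTS="1214 8888 7777 8875 4662 4663 6699"

# Assumed site layout; adjust to your interfaces and addressing.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Run iptables, or echo the command line when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Default deny: flush, then make every built-in chain DROP unless a
# later rule explicitly accepts the packet.
set_default_deny() {
    ipt -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP
    # Loopback and already-established flows are always allowed, so the
    # allow rules below only have to cover the first packet of a session.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Explicit allow: new outbound connections from the LAN to the listed
# P2P ports. Anything not listed here stays dropped by the policy.
allow_p2p() {
    for port in $P2P_TCP_PORTS; do
        ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
            -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}

# Print the full ruleset without touching the kernel.
render_rules() {
    ( DRY_RUN=1; set_default_deny; allow_p2p )
}

# Apply the ruleset (needs root).
apply_rules() {
    ( DRY_RUN=0; set_default_deny; allow_p2p )
}

case "${1:-}" in
    --apply) apply_rules ;;
    *)       render_rules ;;
esac
```

Because the policy is DROP, the only way P2P traffic gets through is via the seven explicit FORWARD rules; removing allow_p2p blocks these clients on their default ports without any further change, while the caveat from the thread still stands: a client that falls back to a SOCKS proxy or to 80/tcp will ride through whatever rule you have for that traffic.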



