You could block the entire domain (ip) at the router or firewall, instead of
filtering specific ports, I've seen that done for napster, works like a
charm and people just stop installing it.

jared

-----Original Message-----
From: Gu1tarb0yaol.com [mailto:Gu1tarb0yaol.com]
Sent: Monday, May 21, 2001 3:36 PM
To: focus-mssecurityfocus.com
Subject: Gnutella/Napster

I have some users loading Gnutella and NAPSTER. One of these machines was
left logged in (locked down) and some dubious non-official activity was
monitored from the machines, after the user had left for the day. It is my
understanding that their machine can pass along requests from someone else
within their peer-to-peer Gnutella horizon (like their own network). I was
told that Napster and Gnutella use ports 6699 and 6346 respectively; by
default. I want to block the activity of those users who would load this
unauthorized and therefore illegal software to machines on my domain. I
understand that Napster and Gnutella use ports 6699 and 6346 respectively.
Are there other ports pertaining to these applicaitons that I should be
concerned about? I understand that if the persons loading this software
choose other ports during installation, it would circumvent the ports I am
blocking.

I have scanned some workstation hardrives and find Napster directories. How
and where does Gnutella appear when loaded using default installation. Will
I
have to search the machines manually? Are there certain registries I can
check?
The OS NT 4.0.

Any other helpful information would be appreciated. I want to stop this
before it gets way out of hand.

Jim McFarlen

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]