Date: Fri, 20 Oct 2000 09:55:41 -0600 (MDT)
From: Nate Williams
To: James Housley
Cc: Nate Williams, freebsd-hackers@FreeBSD.ORG
Subject: Re: Blocking Napster (WAS: IPFW bug/incoming TCP connections being let in.)

> > > I had blocked incoming TCP connections coming into my network using
> > > IPFW, and I noticed that my brother was able to establish a Napster
> > > connection, even though I had blocked it earlier.
> >
> > *sigh*
> >
> > Thanks to Guy Helmer for being patient with me as I fretted about this.
> >
> > I just found out that Napster leaves a client running in the background,
> > and even though I had added firewall rules to block new connections to
> > the server, the old 'established' connection was still up and running.
> >
>
> This might be helpful to you and others. Since napster uses whatever
> ports it can find the best way is to block the servers.
>
> # Napster
> $fwcmd add deny tcp from any to 208.178.163.56/29 via tun0
> $fwcmd add deny tcp from any to 208.178.175.128/29 via tun0
> $fwcmd add deny tcp from any to 208.49.239.240/28 via tun0
> $fwcmd add deny tcp from any to 208.49.228.0/24 via tun0
> $fwcmd add deny tcp from any to 208.184.216.0/24 via tun0

I had these rules in place, but it appears that there are new servers in
place. I also had to add

> $fwcmd add deny tcp from any to 64.124.41.0/24 via tun0

(I'm guessing it's a class C, I just had hit two addresses in that
block, so I blocked the entire class C.)

The above is the reason I was trying to do a 'port' block of the Napster
servers, because trying to keep up with IP addresses is a real pain in
the butt...

Nate
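Added example, not part of the original message: a sketch of the bookkeeping described above (two hits in one block, so deny the whole /24), which reads the deny rules quoted in the message and proposes new ones from observed destination addresses. The `OBSERVED` sample, the function names and the `min_hits` threshold are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Deny rules quoted in the message above (only the destination network is used).
EXISTING_RULES = """\
$fwcmd add deny tcp from any to 208.178.163.56/29 via tun0
$fwcmd add deny tcp from any to 208.178.175.128/29 via tun0
$fwcmd add deny tcp from any to 208.49.239.240/28 via tun0
$fwcmd add deny tcp from any to 208.49.228.0/24 via tun0
$fwcmd add deny tcp from any to 208.184.216.0/24 via tun0
"""

# Constructed sample of destination addresses taken from local connection logs.
# Host parts are made up; only the 64.124.41.0/24 block comes from the message.
OBSERVED = ["64.124.41.16", "64.124.41.17", "208.49.228.5", "192.0.2.10", "not-an-ip"]


def blocked_networks(rules_text):
    """Extract destination networks from 'deny tcp from any to <net>' lines."""
    nets = []
    for line in rules_text.splitlines():
        words = line.split()
        if "deny" in words and "to" in words:
            nets.append(ipaddress.ip_network(words[words.index("to") + 1]))
    return nets


def propose_rules(observed, existing, min_hits=2, iface="tun0"):
    """Suggest a /24 deny rule for each uncovered /24 seen at least min_hits times."""
    hits = Counter()
    for text in observed:
        try:
            addr = ipaddress.IPv4Address(text)
        except ValueError:
            continue  # skip malformed log fields
        if any(addr in net for net in existing):
            continue  # already denied by an existing rule
        hits[ipaddress.ip_network(f"{addr}/24", strict=False)] += 1
    return [f"$fwcmd add deny tcp from any to {net} via {iface}"
            for net, n in sorted(hits.items()) if n >= min_hits]


if __name__ == "__main__":
    for rule in propose_rules(OBSERVED, blocked_networks(EXISTING_RULES)):
        print(rule)
```

A /24 proposed this way is a guess about the allocation, as the message itself notes, so each suggested rule should be reviewed before it goes into the ruleset.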