From owner-freebsd-security  Fri Nov 17 17:22:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
	by hub.freebsd.org (Postfix) with ESMTP id 8C46837B479
	for <security@FreeBSD.ORG>; Fri, 17 Nov 2000 17:22:48 -0800 (PST)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
	by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id SAA20324;
	Fri, 17 Nov 2000 18:22:46 -0700 (MST)
	(envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
	by nomad.yogotech.com (8.8.8/8.8.8) id SAA23299;
	Fri, 17 Nov 2000 18:22:46 -0700 (MST)
	(envelope-from nate)
From: Nate Williams <nate@yogotech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14869.55781.674921.949509@nomad.yogotech.com>
Date: Fri, 17 Nov 2000 18:22:45 -0700 (MST)
To: Buliwyf McGraw <buliwyf@libertad.univalle.edu.co>
Cc: security@FreeBSD.ORG
Subject: Re: Napster Port
In-Reply-To: <Pine.BSF.4.21.0011171936100.75956-100000@libertad.univalle.edu.co>
References: <Pine.BSF.4.21.0011171936100.75956-100000@libertad.univalle.edu.co>
X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>  Hi to everyone! 
>  This is my question:
>  - I want to deny all access to Napster from my subnet. I'm using ip 
>    filter... but i dont know what is the port that i need to block...
>    Any sugestion about the right rule in my gateway??? 

This is the best I've got so far...

# Disable Napster
/sbin/ipfw add  600 deny log tcp from any to 208.178.163.56/29  via ${netif}
/sbin/ipfw add  610 deny log tcp from any to 208.178.175.128/29 via ${netif}
/sbin/ipfw add  620 deny log tcp from any to 208.49.239.240/28  via ${netif}
/sbin/ipfw add  630 deny log tcp from any to 208.49.228.0/24    via ${netif}
/sbin/ipfw add  640 deny log tcp from any to 208.184.216.0/24   via ${netif}
/sbin/ipfw add  650 deny log tcp from any to 64.124.41.0/24     via ${netif}
/sbin/ipfw add  660 deny log tcp from any 8888 to any           via ${netif}

{where 'netif' is the network interface for the internet}



Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message