Re: Using applications on server

That's why I advocate the ISA's "deny all except that which I specify"
default policy.
Nothing passes except what I choose to allow.
I'm just a little anal (rectal; colonial?) when it comes to my paid
bandwidth...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, March 16, 2002 5:42 PM
Subject: [isalist] Re: Using applications on server


http://www.ISAserver.org


Hi Jim,

The more I see of this, the more adamant I'm becoming.  Look at this
crud generated in just 58 seconds from ONE user! Of course, the result
code is satisfying :-)

192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:07, -, -,
-, -, 24.158.72.98, 1214, 200, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 19
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:07, -,
-, -, -, 24.159.36.121, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 20
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:08, -,
-, -, -, 65.95.193.156, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 21
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:09, -,
-, -, -, 12.219.44.189, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 22
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:10, -, -,
-, -, 24.60.93.236, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 23
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:10, -,
-, -, -, 68.33.82.115, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 24
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:11, -,
-, -, -, 12.227.2.195, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 25
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:12, -,
-, -, -, 66.73.197.52, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 26
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:12, -, -,
-, -, 12.254.236.116, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 10, 27
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:13, -,
-, -, -, 66.25.252.148, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 28
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:14, -,
-, -, -, 24.187.169.139, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 29
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:15, -, -,
-, -, 12.224.84.116, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 30
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:15, -,
-, -, -, 12.234.81.86, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 31
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:16, -,
-, -, -, 24.66.145.102, 12205, -, 0, 0, 12205, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 32
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:17, -,
-, -, -, 24.217.193.26, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 33
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:18, -, -,
-, -, 168.122.204.101, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 10, 34
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:18, -,
-, -, -, 172.150.221.16, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 35
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:19, -,
-, -, -, 12.245.52.203, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 36
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:20, -,
-, -, -, 66.74.119.184, 6347, -, 0, 0, 6347, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 37
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:21, -, -,
-, -, 12.236.70.99, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 38
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:21, -,
-, -, -, 66.176.89.75, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 39
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:22, -,
-, -, -, 65.34.254.171, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 40
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:23, -,
-, -, -, 62.107.72.92, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 41
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:23, -, -,
-, -, 12.243.151.17, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 42
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:24, -,
-, -, -, 67.34.184.116, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 43
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:25, -,
-, -, -, 12.218.153.130, 6387, -, 0, 0, 6387, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 44
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:26, -,
-, -, -, 204.118.186.30, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 46
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:26, -, -,
-, -, 64.106.92.104, 1214, 160, 0, 0, 1214, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 10, 45
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:27, -,
-, -, -, 24.70.67.171, 6350, -, 0, 0, 6350, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 47
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:28, -,
-, -, -, 24.79.6.30, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 11, 48
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:29, -, -,
-, -, 65.32.211.218, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 49
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:29, -,
-, -, -, 142.179.26.199, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 50
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:30, -,
-, -, -, 24.79.29.46, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 11, 51
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:31, -,
-, -, -, 68.45.172.148, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 52
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:32, -, -,
-, -, 129.21.152.193, 1214, 531, 0, 0, 1214, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 10, 53
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:32, -,
-, -, -, 66.65.42.22, 6410, -, 0, 0, 6410, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 11, 54
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:33, -,
-, -, -, 24.72.59.50, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 11, 55
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:34, -,
-, -, -, 4.41.137.238, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 56
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:35, -, -,
-, -, 12.219.28.253, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 57
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:35, -,
-, -, -, 35.11.130.99, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 58
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:36, -,
-, -, -, 24.25.92.49, 6387, -, 0, 0, 6387, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 11, 59
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:37, -,
-, -, -, 204.118.186.30, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 60
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:38, -, -,
-, -, 168.122.168.26, 1214, 80, 0, 0, 1214, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 10, 61
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:38, -,
-, -, -, 65.66.21.135, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 62
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:39, -,
-, -, -, 172.182.157.186, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 63
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:40, -,
-, -, -, 24.81.74.108, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 64
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:41, -,
-, -, -, 216.78.107.68, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 66
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:42, -,
-, -, -, 213.7.94.82, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 11, 67
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:42, -, -,
-, -, 129.119.179.17, 1214, 2053, 0, 0, 1214, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 10, 65
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:43, -,
-, -, -, 12.230.22.103, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 68
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:44, -,
-, -, -, 65.28.72.104, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 69
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:45, -,
-, -, -, 172.193.184.66, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 71
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:45, -, -,
-, -, 168.122.249.229, 1214, 80, 0, 0, 1214, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 10, 70
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:46, -,
-, -, -, 141.155.57.18, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 72
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:47, -,
-, -, -, 68.56.105.159, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 73
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:48, -, -,
-, -, 140.192.175.133, 1214, 90, 0, 0, 1214, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 10, 74
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:48, -,
-, -, -, 68.60.184.134, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 75
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:49, -,
-, -, -, 65.26.82.169, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 76
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:50, -,
-, -, -, 165.247.164.109, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 77
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:51, -, -,
-, -, 24.91.86.194, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 78
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:51, -,
-, -, -, 65.27.149.85, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 79
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:52, -,
-, -, -, 142.163.166.110, 6411, 150, 0, 0, 6411, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 80
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:53, -,
-, -, -, 217.226.205.44, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 81
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:54, -, -,
-, -, 132.236.54.230, 1214, 120, 0, 0, 1214, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 10, 82
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:54, -,
-, -, -, 24.114.39.91, 6346, 110, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 83
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:56, -,
-, -, -, 128.42.6.31, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 84
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:57, -, -,
-, -, 24.88.101.159, 1214, 80, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 85
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:57, -,
-, -, -, 216.189.1.155, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 86
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:58, -,
-, -, -, 207.175.219.173, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 87
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:59, -,
-, -, -, 12.231.119.87, 6346, 70, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 88
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:36:00, -, -,
-, -, 24.52.184.146, 1214, 10, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 89
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:00, -,
-, -, -, 216.117.92.204, 6346, 110, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 90
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:01, -,
-, -, -, 65.97.12.144, 6346, 70, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 91
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:36:03, -, -,
-, -, 24.217.154.99, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 92
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:04, -,
-, -, -, 66.66.130.24, 6348, 60, 0, 0, 6348, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 94
192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:05, -,
-, -, -, 24.82.214.229, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -,
13301, -, block user1001, Allow All Users, 11, 95
192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:36:05, -, -,
-, -, 24.96.58.244, 1214, 100, 0, 0, 1214, TCP, Connect, -, -, -, 13301,
-, block user1001, Allow All Users, 10, 96

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, March 16, 2002 6:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Using applications on server

http://www.ISAserver.org


I totally agree with both of you (ask my daughter about what happened
when I
discovered morpheus entries in my FW logs).
That's why I don't offer specific answer to "how do I" for them.
That way I don't get into the "I have a right to" discussions with
anyone.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Joseph" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, March 16, 2002 1:47 PM
Subject: [isalist] Re: Using applications on server


http://www.ISAserver.org


Hi Tom,

I have a 19 year old. I'm the resident "FAN" man for my two brothers and
their kids!  They think I'm too paranoid about these things.  I tell you
I don't like programs to snoop on what I'm doing.  I have nothing to
hide but it is none of their business.

One of the largest portals on file sharing programs is
http://www.zeropaid.com/.  There is some good information on what they
are. You would be surprised at how many of them there are!

I did a presentation at MS 2 years ago on common sense security. That
covered programs like ICQ, mIRC, and what to do to protect your self
from this type of intrusion. So, many people want these on a system.  I
should dig that out and email to you.  It is basically pretty simple and
talks about things that most people take for granted. Heck I don't even
accept *.exe's from any one any more.

Here are some interesting links on file sharing programs that I have in
my favorites section:
http://www.masternewmedia.com/issue7/share.htm
http://www.usewisdom.com/weblog/peer.html
http://www.scumware.com/

With most of these services you can block the ports that they use. With
lime wire the biggest port to block is. 8989, 3289 etc.  I think I
should add the task of finding out all the ports that the shareware
programs use.

Joseph


-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Saturday, March 16, 2002 1:21 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Using applications on server

http://www.ISAserver.org


Hi Joseph,

This is a very big issue for those that run "Family Area Networks"
(FANs), especially the fact that they kids install this stuff and the
parents have no ideas what's going on. Unfortunately, I belong to that
group right now, because I'm not well versed on exactly how these
Scumware products work. I assume that all those dropped packets on my
external interface are due to other Kaaza and Morpheus users attempting
to create new (non-ACK) connections to my external interface because the
file sharing program has shared the contents of a particular folder on
the user's hard disk? You would have to open are particular port or
ports by creating a server publishing rules for external users to create
a new connection, wouldn't you?

The Spyware, virus and Trojan issue is a big one too. Kids aren't  too
security minded because they think the world is a pretty bright and
cheery place :-). It's good for kids to think that way because they
should enjoy being kids before becoming neurotic later in life.

BTW -- do you know if there are any good resources that give the details
on how these app's work?

Thanks!

Tom

-----Original Message-----
From: Joseph [mailto:cismic@xxxxxxx]
Sent: Saturday, March 16, 2002 2:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Using applications on server

http://www.ISAserver.org


Hello all,

File sharing programs.  I don't like all the hidden things that they
could install on your system.  There are so many out there now. Bear
shear, Limewire, and of course the daddy of them all napster.

Not only do they buildup lots of log file data improperly configured
installing of these products open up the users system to potential
abuse.
For example if the system was setup at a root directory c:\ all the
documents in the root directory could be available for searching. And,
If I searched on *.doc or *.xls those files do appear for download.  Now
what happens if I get your credit card information or bank statements?
The first thing I guess would be user education.  But, it is the kids
that usually load that software and parents don't have a clue.

It's not necessarily the ports that I would worry about but more the key
strokes logged and what files were downloaded. Some of the new
installation programs install spy ware on the computers in use and
transmit that back to a host system.

Joseph

-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Saturday, March 16, 2002 11:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Using applications on server

http://www.ISAserver.org


Hi Jim,

I can't say enough about how much I hate file sharing programs :-() Our
son came over to stay for a few days and decided that he wanted to use
Kaaza and Morpheus. Our Firewall and packet filter logs for our SOHO
usually run about 4-5 MBs/day.

I opened things up a bit so that he could use Kaaza and Morpheus, and
our firewall and packet filter logs for each of those days were over 40
MB!!! That was just one user. Can you imagine if you had a network of
users using that cr*p? It boggles the mind.

Thanks for listening :-)

Tom
www.isaserver.org/shinder


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, March 16, 2002 1:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Using applications on server

http://www.ISAserver.org


The first rule of firewalls is:
    Don't use them for anything else
If you can place your file sharing app inside the firewall, you'll be
much
happier and safer.
Applications running on the ISA need packet filters to access the
Internet
(unless they understand proxy settings).
Protocol rules allow internal hosts to get out, but don't have any
bearing
on apps running on the ISA itself.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Paul Duthie" <duthie.paul.j@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, March 14, 2002 7:50 PM
Subject: [isalist] Using applications on server


http://www.ISAserver.org


Hello Folks,

I'm wanting to run some file sharing apps on my ISA server (which is
connected to a cable modem) so that I can use my computer for other
things. However, none of them seem to be able to connect through the
firewall when they can connect through the firewall from the
workstations. Any ideas ?


--
Best regards,
Paul Duthie                     duthie.paul.j@xxxxxxxxxxxxxxxxxx
Network Manager,
Ballarat High School            www.ballaraths.vic.edu.au
Sent Using The Bat! Version 1.54 Beta/45


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




Other related posts: