That's why I advocate the ISA's "deny all except that which I specify" default policy. Nothing passes except what I choose to allow. I'm just a little anal (rectal; colonial?) when it comes to my paid bandwidth... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Saturday, March 16, 2002 5:42 PM Subject: [isalist] Re: Using applications on server http://www.ISAserver.org Hi Jim, The more I see of this, the more adamant I'm becoming. Look at this crud generated in just 58 seconds from ONE user! Of course, the result code is satisfying :-) 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:07, -, -, -, -, 24.158.72.98, 1214, 200, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 19 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:07, -, -, -, -, 24.159.36.121, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 20 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:08, -, -, -, -, 65.95.193.156, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 21 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:09, -, -, -, -, 12.219.44.189, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 22 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:10, -, -, -, -, 24.60.93.236, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 23 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:10, -, -, -, -, 68.33.82.115, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 24 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:11, -, -, -, -, 12.227.2.195, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 25 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:12, -, -, -, -, 66.73.197.52, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 26 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:12, -, -, -, -, 12.254.236.116, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 27 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:13, -, -, -, -, 66.25.252.148, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 28 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:14, -, -, -, -, 24.187.169.139, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 29 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:15, -, -, -, -, 12.224.84.116, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 30 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:15, -, -, -, -, 12.234.81.86, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 31 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:16, -, -, -, -, 24.66.145.102, 12205, -, 0, 0, 12205, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 32 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:17, -, -, -, -, 24.217.193.26, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 33 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:18, -, -, -, -, 168.122.204.101, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 34 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:18, -, -, -, -, 172.150.221.16, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 35 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:19, -, -, -, -, 12.245.52.203, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 36 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:20, -, -, -, -, 66.74.119.184, 6347, -, 0, 0, 6347, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 37 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:21, -, -, -, -, 12.236.70.99, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 38 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:21, -, -, -, -, 66.176.89.75, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 39 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:22, -, -, -, -, 65.34.254.171, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 40 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:23, -, -, -, -, 62.107.72.92, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 41 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:23, -, -, -, -, 12.243.151.17, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 42 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:24, -, -, -, -, 67.34.184.116, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 43 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:25, -, -, -, -, 12.218.153.130, 6387, -, 0, 0, 6387, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 44 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:26, -, -, -, -, 204.118.186.30, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 46 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:26, -, -, -, -, 64.106.92.104, 1214, 160, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 45 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:27, -, -, -, -, 24.70.67.171, 6350, -, 0, 0, 6350, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 47 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:28, -, -, -, -, 24.79.6.30, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 48 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:29, -, -, -, -, 65.32.211.218, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 49 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:29, -, -, -, -, 142.179.26.199, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 50 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:30, -, -, -, -, 24.79.29.46, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 51 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:31, -, -, -, -, 68.45.172.148, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 52 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:32, -, -, -, -, 129.21.152.193, 1214, 531, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 53 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:32, -, -, -, -, 66.65.42.22, 6410, -, 0, 0, 6410, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 54 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:33, -, -, -, -, 24.72.59.50, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 55 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:34, -, -, -, -, 4.41.137.238, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 56 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:35, -, -, -, -, 12.219.28.253, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 57 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:35, -, -, -, -, 35.11.130.99, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 58 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:36, -, -, -, -, 24.25.92.49, 6387, -, 0, 0, 6387, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 59 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:37, -, -, -, -, 204.118.186.30, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 60 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:38, -, -, -, -, 168.122.168.26, 1214, 80, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 61 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:38, -, -, -, -, 65.66.21.135, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 62 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:39, -, -, -, -, 172.182.157.186, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 63 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:40, -, -, -, -, 24.81.74.108, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 64 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:41, -, -, -, -, 216.78.107.68, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 66 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:42, -, -, -, -, 213.7.94.82, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 67 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:42, -, -, -, -, 129.119.179.17, 1214, 2053, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 65 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:43, -, -, -, -, 12.230.22.103, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 68 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:44, -, -, -, -, 65.28.72.104, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 69 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:45, -, -, -, -, 172.193.184.66, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 71 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:45, -, -, -, -, 168.122.249.229, 1214, 80, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 70 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:46, -, -, -, -, 141.155.57.18, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 72 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:47, -, -, -, -, 68.56.105.159, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 73 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:48, -, -, -, -, 140.192.175.133, 1214, 90, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 74 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:48, -, -, -, -, 68.60.184.134, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 75 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:49, -, -, -, -, 65.26.82.169, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 76 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:50, -, -, -, -, 165.247.164.109, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 77 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:51, -, -, -, -, 24.91.86.194, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 78 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:51, -, -, -, -, 65.27.149.85, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 79 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:52, -, -, -, -, 142.163.166.110, 6411, 150, 0, 0, 6411, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 80 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:53, -, -, -, -, 217.226.205.44, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 81 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:54, -, -, -, -, 132.236.54.230, 1214, 120, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 82 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:54, -, -, -, -, 24.114.39.91, 6346, 110, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 83 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:56, -, -, -, -, 128.42.6.31, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 84 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:57, -, -, -, -, 24.88.101.159, 1214, 80, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 85 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:57, -, -, -, -, 216.189.1.155, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 86 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:58, -, -, -, -, 207.175.219.173, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 87 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:59, -, -, -, -, 12.231.119.87, 6346, 70, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 88 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:36:00, -, -, -, -, 24.52.184.146, 1214, 10, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 89 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:00, -, -, -, -, 216.117.92.204, 6346, 110, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 90 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:01, -, -, -, -, 65.97.12.144, 6346, 70, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 91 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:36:03, -, -, -, -, 24.217.154.99, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 92 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:04, -, -, -, -, 66.66.130.24, 6348, 60, 0, 0, 6348, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 94 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:05, -, -, -, -, 24.82.214.229, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 11, 95 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:36:05, -, -, -, -, 24.96.58.244, 1214, 100, 0, 0, 1214, TCP, Connect, -, -, -, 13301, -, block user1001, Allow All Users, 10, 96 -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Saturday, March 16, 2002 6:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Using applications on server http://www.ISAserver.org I totally agree with both of you (ask my daughter about what happened when I discovered morpheus entries in my FW logs). That's why I don't offer specific answer to "how do I" for them. That way I don't get into the "I have a right to" discussions with anyone. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Joseph" <cismic@xxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Saturday, March 16, 2002 1:47 PM Subject: [isalist] Re: Using applications on server http://www.ISAserver.org Hi Tom, I have a 19 year old. I'm the resident "FAN" man for my two brothers and their kids! They think I'm too paranoid about these things. I tell you I don't like programs to snoop on what I'm doing. I have nothing to hide but it is none of their business. One of the largest portals on file sharing programs is http://www.zeropaid.com/. There is some good information on what they are. You would be surprised at how many of them there are! I did a presentation at MS 2 years ago on common sense security. That covered programs like ICQ, mIRC, and what to do to protect your self from this type of intrusion. So, many people want these on a system. I should dig that out and email to you. It is basically pretty simple and talks about things that most people take for granted. Heck I don't even accept *.exe's from any one any more. Here are some interesting links on file sharing programs that I have in my favorites section: http://www.masternewmedia.com/issue7/share.htm http://www.usewisdom.com/weblog/peer.html http://www.scumware.com/ With most of these services you can block the ports that they use. With lime wire the biggest port to block is. 8989, 3289 etc. I think I should add the task of finding out all the ports that the shareware programs use. Joseph -----Original Message----- From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Saturday, March 16, 2002 1:21 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Using applications on server http://www.ISAserver.org Hi Joseph, This is a very big issue for those that run "Family Area Networks" (FANs), especially the fact that they kids install this stuff and the parents have no ideas what's going on. Unfortunately, I belong to that group right now, because I'm not well versed on exactly how these Scumware products work. I assume that all those dropped packets on my external interface are due to other Kaaza and Morpheus users attempting to create new (non-ACK) connections to my external interface because the file sharing program has shared the contents of a particular folder on the user's hard disk? You would have to open are particular port or ports by creating a server publishing rules for external users to create a new connection, wouldn't you? The Spyware, virus and Trojan issue is a big one too. Kids aren't too security minded because they think the world is a pretty bright and cheery place :-). It's good for kids to think that way because they should enjoy being kids before becoming neurotic later in life. BTW -- do you know if there are any good resources that give the details on how these app's work? Thanks! Tom -----Original Message----- From: Joseph [mailto:cismic@xxxxxxx] Sent: Saturday, March 16, 2002 2:54 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Using applications on server http://www.ISAserver.org Hello all, File sharing programs. I don't like all the hidden things that they could install on your system. There are so many out there now. Bear shear, Limewire, and of course the daddy of them all napster. Not only do they buildup lots of log file data improperly configured installing of these products open up the users system to potential abuse. For example if the system was setup at a root directory c:\ all the documents in the root directory could be available for searching. And, If I searched on *.doc or *.xls those files do appear for download. Now what happens if I get your credit card information or bank statements? The first thing I guess would be user education. But, it is the kids that usually load that software and parents don't have a clue. It's not necessarily the ports that I would worry about but more the key strokes logged and what files were downloaded. Some of the new installation programs install spy ware on the computers in use and transmit that back to a host system. Joseph -----Original Message----- From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Saturday, March 16, 2002 11:55 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Using applications on server http://www.ISAserver.org Hi Jim, I can't say enough about how much I hate file sharing programs :-() Our son came over to stay for a few days and decided that he wanted to use Kaaza and Morpheus. Our Firewall and packet filter logs for our SOHO usually run about 4-5 MBs/day. I opened things up a bit so that he could use Kaaza and Morpheus, and our firewall and packet filter logs for each of those days were over 40 MB!!! That was just one user. Can you imagine if you had a network of users using that cr*p? It boggles the mind. Thanks for listening :-) Tom www.isaserver.org/shinder -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Saturday, March 16, 2002 1:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Using applications on server http://www.ISAserver.org The first rule of firewalls is: Don't use them for anything else If you can place your file sharing app inside the firewall, you'll be much happier and safer. Applications running on the ISA need packet filters to access the Internet (unless they understand proxy settings). Protocol rules allow internal hosts to get out, but don't have any bearing on apps running on the ISA itself. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Paul Duthie" <duthie.paul.j@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, March 14, 2002 7:50 PM Subject: [isalist] Using applications on server http://www.ISAserver.org Hello Folks, I'm wanting to run some file sharing apps on my ISA server (which is connected to a cable modem) so that I can use my computer for other things. However, none of them seem to be able to connect through the firewall when they can connect through the firewall from the workstations. Any ideas ? -- Best regards, Paul Duthie duthie.paul.j@xxxxxxxxxxxxxxxxxx Network Manager, Ballarat High School www.ballaraths.vic.edu.au Sent Using The Bat! Version 1.54 Beta/45 ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')