U all are making me VERY nervous with your talk of lock downs. Makes me wanna check my logs. ----- Original Message ----- From: "Jim Harrison" <jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Saturday, March 16, 2002 9:55 PM Subject: [isalist] Re: Using applications on server > http://www.ISAserver.org > > > That's why I advocate the ISA's "deny all except that which I specify" > default policy. > Nothing passes except what I choose to allow. > I'm just a little anal (rectal; colonial?) when it comes to my paid > bandwidth... > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/authors/harrison/ > Read the books! > ----- Original Message ----- > From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Saturday, March 16, 2002 5:42 PM > Subject: [isalist] Re: Using applications on server > > > http://www.ISAserver.org > > > Hi Jim, > > The more I see of this, the more adamant I'm becoming. Look at this > crud generated in just 58 seconds from ONE user! Of course, the result > code is satisfying :-) > > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:07, -, -, > -, -, 24.158.72.98, 1214, 200, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 19 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:07, -, > -, -, -, 24.159.36.121, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 20 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:08, -, > -, -, -, 65.95.193.156, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 21 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:09, -, > -, -, -, 12.219.44.189, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 22 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:10, -, -, > -, -, 24.60.93.236, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 23 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:10, -, > -, -, -, 68.33.82.115, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 24 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:11, -, > -, -, -, 12.227.2.195, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 25 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:12, -, > -, -, -, 66.73.197.52, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 26 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:12, -, -, > -, -, 12.254.236.116, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 10, 27 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:13, -, > -, -, -, 66.25.252.148, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 28 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:14, -, > -, -, -, 24.187.169.139, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 29 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:15, -, -, > -, -, 12.224.84.116, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 30 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:15, -, > -, -, -, 12.234.81.86, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 31 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:16, -, > -, -, -, 24.66.145.102, 12205, -, 0, 0, 12205, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 32 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:17, -, > -, -, -, 24.217.193.26, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 33 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:18, -, -, > -, -, 168.122.204.101, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 10, 34 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:18, -, > -, -, -, 172.150.221.16, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 35 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:19, -, > -, -, -, 12.245.52.203, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 36 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:20, -, > -, -, -, 66.74.119.184, 6347, -, 0, 0, 6347, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 37 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:21, -, -, > -, -, 12.236.70.99, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 38 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:21, -, > -, -, -, 66.176.89.75, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 39 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:22, -, > -, -, -, 65.34.254.171, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 40 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:23, -, > -, -, -, 62.107.72.92, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 41 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:23, -, -, > -, -, 12.243.151.17, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 42 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:24, -, > -, -, -, 67.34.184.116, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 43 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:25, -, > -, -, -, 12.218.153.130, 6387, -, 0, 0, 6387, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 44 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:26, -, > -, -, -, 204.118.186.30, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 46 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:26, -, -, > -, -, 64.106.92.104, 1214, 160, 0, 0, 1214, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 10, 45 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:27, -, > -, -, -, 24.70.67.171, 6350, -, 0, 0, 6350, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 47 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:28, -, > -, -, -, 24.79.6.30, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 11, 48 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:29, -, -, > -, -, 65.32.211.218, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 49 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:29, -, > -, -, -, 142.179.26.199, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 50 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:30, -, > -, -, -, 24.79.29.46, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 11, 51 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:31, -, > -, -, -, 68.45.172.148, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 52 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:32, -, -, > -, -, 129.21.152.193, 1214, 531, 0, 0, 1214, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 10, 53 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:32, -, > -, -, -, 66.65.42.22, 6410, -, 0, 0, 6410, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 11, 54 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:33, -, > -, -, -, 24.72.59.50, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 11, 55 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:34, -, > -, -, -, 4.41.137.238, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 56 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:35, -, -, > -, -, 12.219.28.253, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 57 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:35, -, > -, -, -, 35.11.130.99, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 58 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:36, -, > -, -, -, 24.25.92.49, 6387, -, 0, 0, 6387, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 11, 59 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:37, -, > -, -, -, 204.118.186.30, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 60 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:38, -, -, > -, -, 168.122.168.26, 1214, 80, 0, 0, 1214, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 10, 61 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:38, -, > -, -, -, 65.66.21.135, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 62 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:39, -, > -, -, -, 172.182.157.186, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 63 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:40, -, > -, -, -, 24.81.74.108, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 64 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:41, -, > -, -, -, 216.78.107.68, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 66 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:42, -, > -, -, -, 213.7.94.82, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 11, 67 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:42, -, -, > -, -, 129.119.179.17, 1214, 2053, 0, 0, 1214, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 10, 65 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:43, -, > -, -, -, 12.230.22.103, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 68 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:44, -, > -, -, -, 65.28.72.104, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 69 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:45, -, > -, -, -, 172.193.184.66, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 71 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:45, -, -, > -, -, 168.122.249.229, 1214, 80, 0, 0, 1214, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 10, 70 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:46, -, > -, -, -, 141.155.57.18, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 72 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:47, -, > -, -, -, 68.56.105.159, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 73 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:48, -, -, > -, -, 140.192.175.133, 1214, 90, 0, 0, 1214, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 10, 74 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:48, -, > -, -, -, 68.60.184.134, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 75 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:49, -, > -, -, -, 65.26.82.169, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 76 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:50, -, > -, -, -, 165.247.164.109, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 77 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:51, -, -, > -, -, 24.91.86.194, 1214, 60, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 78 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:51, -, > -, -, -, 65.27.149.85, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 79 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:52, -, > -, -, -, 142.163.166.110, 6411, 150, 0, 0, 6411, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 80 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:53, -, > -, -, -, 217.226.205.44, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 81 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:54, -, -, > -, -, 132.236.54.230, 1214, 120, 0, 0, 1214, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 10, 82 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:54, -, > -, -, -, 24.114.39.91, 6346, 110, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 83 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:56, -, > -, -, -, 128.42.6.31, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 84 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:35:57, -, -, > -, -, 24.88.101.159, 1214, 80, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 85 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:57, -, > -, -, -, 216.189.1.155, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 86 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:58, -, > -, -, -, 207.175.219.173, 6346, 10, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 87 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:35:59, -, > -, -, -, 12.231.119.87, 6346, 70, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 88 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:36:00, -, -, > -, -, 24.52.184.146, 1214, 10, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 89 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:00, -, > -, -, -, 216.117.92.204, 6346, 110, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 90 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:01, -, > -, -, -, 65.97.12.144, 6346, 70, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 91 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:36:03, -, -, > -, -, 24.217.154.99, 1214, 70, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 92 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:04, -, > -, -, -, 66.66.130.24, 6348, 60, 0, 0, 6348, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 94 > 192.168.1.145, user1001, morpheusp.exe:3:5.0, -, 3/16/2002, 19:36:05, -, > -, -, -, 24.82.214.229, 6346, -, 0, 0, 6346, TCP, Connect, -, -, -, > 13301, -, block user1001, Allow All Users, 11, 95 > 192.168.1.145, user1001, Kazaa.exe:3:5.0, -, 3/16/2002, 19:36:05, -, -, > -, -, 24.96.58.244, 1214, 100, 0, 0, 1214, TCP, Connect, -, -, -, 13301, > -, block user1001, Allow All Users, 10, 96 > > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Saturday, March 16, 2002 6:22 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Using applications on server > > http://www.ISAserver.org > > > I totally agree with both of you (ask my daughter about what happened > when I > discovered morpheus entries in my FW logs). > That's why I don't offer specific answer to "how do I" for them. > That way I don't get into the "I have a right to" discussions with > anyone. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/authors/harrison/ > Read the books! > ----- Original Message ----- > From: "Joseph" <cismic@xxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Saturday, March 16, 2002 1:47 PM > Subject: [isalist] Re: Using applications on server > > > http://www.ISAserver.org > > > Hi Tom, > > I have a 19 year old. I'm the resident "FAN" man for my two brothers and > their kids! They think I'm too paranoid about these things. I tell you > I don't like programs to snoop on what I'm doing. I have nothing to > hide but it is none of their business. > > One of the largest portals on file sharing programs is > http://www.zeropaid.com/. There is some good information on what they > are. You would be surprised at how many of them there are! > > I did a presentation at MS 2 years ago on common sense security. That > covered programs like ICQ, mIRC, and what to do to protect your self > from this type of intrusion. So, many people want these on a system. I > should dig that out and email to you. It is basically pretty simple and > talks about things that most people take for granted. Heck I don't even > accept *.exe's from any one any more. > > Here are some interesting links on file sharing programs that I have in > my favorites section: > http://www.masternewmedia.com/issue7/share.htm > http://www.usewisdom.com/weblog/peer.html > http://www.scumware.com/ > > With most of these services you can block the ports that they use. With > lime wire the biggest port to block is. 8989, 3289 etc. I think I > should add the task of finding out all the ports that the shareware > programs use. > > Joseph > > > -----Original Message----- > From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] > Sent: Saturday, March 16, 2002 1:21 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Using applications on server > > http://www.ISAserver.org > > > Hi Joseph, > > This is a very big issue for those that run "Family Area Networks" > (FANs), especially the fact that they kids install this stuff and the > parents have no ideas what's going on. Unfortunately, I belong to that > group right now, because I'm not well versed on exactly how these > Scumware products work. I assume that all those dropped packets on my > external interface are due to other Kaaza and Morpheus users attempting > to create new (non-ACK) connections to my external interface because the > file sharing program has shared the contents of a particular folder on > the user's hard disk? You would have to open are particular port or > ports by creating a server publishing rules for external users to create > a new connection, wouldn't you? > > The Spyware, virus and Trojan issue is a big one too. Kids aren't too > security minded because they think the world is a pretty bright and > cheery place :-). It's good for kids to think that way because they > should enjoy being kids before becoming neurotic later in life. > > BTW -- do you know if there are any good resources that give the details > on how these app's work? > > Thanks! > > Tom > > -----Original Message----- > From: Joseph [mailto:cismic@xxxxxxx] > Sent: Saturday, March 16, 2002 2:54 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Using applications on server > > http://www.ISAserver.org > > > Hello all, > > File sharing programs. I don't like all the hidden things that they > could install on your system. There are so many out there now. Bear > shear, Limewire, and of course the daddy of them all napster. > > Not only do they buildup lots of log file data improperly configured > installing of these products open up the users system to potential > abuse. > For example if the system was setup at a root directory c:\ all the > documents in the root directory could be available for searching. And, > If I searched on *.doc or *.xls those files do appear for download. Now > what happens if I get your credit card information or bank statements? > The first thing I guess would be user education. But, it is the kids > that usually load that software and parents don't have a clue. > > It's not necessarily the ports that I would worry about but more the key > strokes logged and what files were downloaded. Some of the new > installation programs install spy ware on the computers in use and > transmit that back to a host system. > > Joseph > > -----Original Message----- > From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] > Sent: Saturday, March 16, 2002 11:55 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Using applications on server > > http://www.ISAserver.org > > > Hi Jim, > > I can't say enough about how much I hate file sharing programs :-() Our > son came over to stay for a few days and decided that he wanted to use > Kaaza and Morpheus. Our Firewall and packet filter logs for our SOHO > usually run about 4-5 MBs/day. > > I opened things up a bit so that he could use Kaaza and Morpheus, and > our firewall and packet filter logs for each of those days were over 40 > MB!!! That was just one user. Can you imagine if you had a network of > users using that cr*p? It boggles the mind. > > Thanks for listening :-) > > Tom > www.isaserver.org/shinder > > > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Saturday, March 16, 2002 1:33 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Using applications on server > > http://www.ISAserver.org > > > The first rule of firewalls is: > Don't use them for anything else > If you can place your file sharing app inside the firewall, you'll be > much > happier and safer. > Applications running on the ISA need packet filters to access the > Internet > (unless they understand proxy settings). > Protocol rules allow internal hosts to get out, but don't have any > bearing > on apps running on the ISA itself. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/authors/harrison/ > Read the books! > ----- Original Message ----- > From: "Paul Duthie" <duthie.paul.j@xxxxxxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Thursday, March 14, 2002 7:50 PM > Subject: [isalist] Using applications on server > > > http://www.ISAserver.org > > > Hello Folks, > > I'm wanting to run some file sharing apps on my ISA server (which is > connected to a cable modem) so that I can use my computer for other > things. However, none of them seem to be able to connect through the > firewall when they can connect through the firewall from the > workstations. Any ideas ? > > > -- > Best regards, > Paul Duthie duthie.paul.j@xxxxxxxxxxxxxxxxxx > Network Manager, > Ballarat High School www.ballaraths.vic.edu.au > Sent Using The Bat! Version 1.54 Beta/45 > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > cismic@xxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > cismic@xxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: strangconst@xxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub')