 From:  Don Munyak <don dot munyak at gmail dot com>
 To:  waa dash m0n0wall at revpol dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Blocking outbound traffic - concessus
 Date:  Thu, 31 Mar 2005 15:39:02 -0500
Thanks again for the words of wisdom.

Honestly, while p2p is an issue, fortunately our network is small
enough that our users know I would beat them with a wet noodle if I
found out they were using p2p.

That said, I will still proceed with locking it down further.

- Don

On Thu, 31 Mar 2005 15:14:10 -0500, William Arlofski
<waa dash m0n0wall at revpol dot com> wrote:
> Claude Morin wrote:
> > Be aware that many modern apps (e.g. P2P, IM, etc.) try fairly hard to find
> > some way out; many (most?) of them are able to tunnel across HTTP/HTTPS.
> >
> > In short, while the rules William lists are good, solid rules, they won't
> > stop P2P or IM.
> >
> > -klode
> You are absolutely correct. This is the reason I often recommend a proxy
> server.  The combination of squid (http://squid-cache.org) and Dan's
> Guardian (http://www.dansguardian.org) and a strict set of rules to only
> allow port 80/443 traffic from the proxy server allows for
> filtering, blocking etc. via Dan's Guardian. :)
> It seems these days all these apps are set to fall back to just about
> any port (TCP or UDP) when their primary port is blocked. I've even seen
> some use port 53/UDP.
> BTW (for the original poster) Blocking everything also stops
> viruses/worms/trojans from opening back-doors to IRC channels etc...
> I say block it all, and be careful what you allow out. Sad to say, but
> you need to treat your internal (trusted??) machines as the enemy as
> much or more so than the external Internet at large. :)
> -
> Bill Arlofski
> waa dash m0n0wall at revpol dot com
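To make Bill's "block it all, allow 80/443 only from the proxy" policy concrete, here is an added Python model (not code from the thread, from m0n0wall, or from squid/DansGuardian) that applies a default-deny egress table to constructed flow records and reports which flows would be blocked, including a workstation falling back to 53/UDP as described above. The LAN range, the proxy and resolver addresses, the flow-record format and the function names are all assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (hypothetical; not taken from the thread)
LAN = ip_network("192.168.1.0/24")
PROXY = ip_address("192.168.1.10")      # squid + DansGuardian host
RESOLVER = ip_address("192.168.1.1")    # the firewall's own DNS forwarder

# Default-deny egress policy: (proto, dst_port, hosts allowed to use it)
ALLOW = (
    ("tcp", 80, {PROXY}),
    ("tcp", 443, {PROXY}),
    ("udp", 53, {RESOLVER}),
)

def egress_decision(src, proto, dport):
    """Return ('allow'|'deny', reason) for one outbound flow from the LAN."""
    src = ip_address(src)
    if src not in LAN:
        return "deny", "source not on LAN"
    for rule_proto, rule_port, sources in ALLOW:
        if proto == rule_proto and dport == rule_port:
            if src in sources:
                return "allow", f"{proto}/{dport} from permitted host"
            permitted = ", ".join(str(s) for s in sources)
            return "deny", f"{proto}/{dport} only permitted from {permitted}"
    return "deny", "no matching allow rule (default deny)"

# Constructed flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
192.168.1.10 203.0.113.5 tcp 443
192.168.1.42 203.0.113.5 tcp 443
192.168.1.1 198.51.100.9 udp 53
192.168.1.42 198.51.100.9 udp 53
192.168.1.42 203.0.113.77 tcp 6881
"""

def audit_flows(text):
    """Return [(src, proto, dport, reason)] for flows the policy would block."""
    denied = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, _dst, proto, dport = line.split()
        verdict, reason = egress_decision(src, proto, int(dport))
        if verdict == "deny":
            denied.append((src, proto, int(dport), reason))
    return denied

if __name__ == "__main__":
    for entry in audit_flows(SAMPLE_FLOWS):
        print("DENY", *entry)
```

Only the proxy's HTTPS flow and the resolver's DNS query pass; the workstation's direct HTTPS, its 53/UDP fallback and its high-port connection are all reported as denied.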