blocking some common TCP/UDP ports

Jodie

I have an NT Server running firewall on my network to allow shared LAN
access to the internet. I want to be able to prevent downloads and uploads
EXCEPT from specified IP addresses.

I would also like to block MSN Messenger and Yahoo instant messenger unless
from specified IP addresses.

I want to allow HTTP only from most IP addresses and block MSN Messenger,
Yahoo Messenger, WinMX, Kazaa and all other common internet file sharing
systems.

My firewall allows me to do packet filtering based on protocols and their
port numbers. Can anyone tell me what are the common port numbers for these
applications or know where I can find that information? I know the general
number for HTTP, FTP etc. but I do not know what port number WinMX and the
others use.

Thanks.
 
Steven L Umbach

You may be doing this already, but it is best to have a block all default rule for
outbound access and then add the allowed exceptions. I will leave a link or two, but
you may have better luck searching http://google.com for the associated ports such as
"Yahoo messenger ports" or try to track them down yourself by using something like
TCPView [free from SysInternals] to see what ports are used on a test computer or
view your firewall logs. --- Steve

http://www.sysinternals.com/ntw2k/source/tcpview.shtml
http://www.iss.net/security_center/advice/Exploits/Ports/
http://www.governmentsecurity.org/articles/CommonPorts.php
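
A sketch of the default-deny approach from the reply above, added here as an example and not part of the original thread: outbound traffic is allowed only where an exception rule matches, and the firewall log is then reviewed for the ports that were denied, per workstation. The LAN range, the "specified IP" 192.168.1.10 and the log line format are assumptions constructed for illustration; real firewall logs will look different.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed policy: the allow rules are the only exceptions; every other
# outbound connection falls through to the default deny.
LAN = ipaddress.ip_network("192.168.1.0/24")       # constructed LAN range
TRUSTED = ipaddress.ip_network("192.168.1.10/32")  # constructed "specified IP"
ALLOW_RULES = [
    (LAN, "tcp", 80),        # HTTP for every workstation
    (TRUSTED, "tcp", 21),    # FTP control channel for the specified host only
    (TRUSTED, "tcp", 1863),  # MSN Messenger for the specified host only
]

# Constructed log format and sample lines (not output of any real product).
LOG_RE = re.compile(
    r"^\S+ \S+ OUT (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
SAMPLE_LOG = """\
2004-01-12 09:14:02 OUT TCP 192.168.1.23:1045 -> 203.0.113.7:80
2004-01-12 09:14:09 OUT TCP 192.168.1.23:1046 -> 203.0.113.9:1863
2004-01-12 09:15:30 OUT TCP 192.168.1.10:1201 -> 203.0.113.9:1863
2004-01-12 09:16:11 OUT TCP 192.168.1.31:1310 -> 198.51.100.4:1214
2004-01-12 09:16:12 OUT TCP 192.168.1.31:1311 -> 198.51.100.5:1214
2004-01-12 09:17:45 OUT TCP 192.168.1.10:1202 -> 198.51.100.20:21
garbled line that the parser must skip
"""

def decide(src, proto, dport):
    """Return 'allow' if an exception rule matches, otherwise the default 'deny'."""
    addr = ipaddress.ip_address(src)
    for net, rule_proto, rule_port in ALLOW_RULES:
        if addr in net and proto == rule_proto and dport == rule_port:
            return "allow"
    return "deny"

def denied_ports_by_host(log_text):
    """Map each source IP to {(proto, port): hits} for traffic the policy denies."""
    report = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the constructed format
        proto, dport = m["proto"].lower(), int(m["dport"])
        if decide(m["src"], proto, dport) == "deny":
            report[m["src"]][(proto, dport)] += 1
    return {host: dict(ports) for host, ports in report.items()}
```

With a default deny in place the file-sharing ports never need to be listed; the denied-port report shows what each workstation tried to reach, and any port that should be permitted is added as an explicit exception.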
 
Jodie

Hey thanks Steve. You gave me exactly what I needed to know.

I am in a weird position of wanting to allow most internet access to all but
at the same time providing protection from internal security threats. It's
easy for me to harden the network from external attacks...just deny/drop
anything unsolicited. The internal stuff is tricky though.

Thanks again.
 
Jodie

Another quick question...

I want to be able to block certain users from sending attachments in their
email. Is there any way I can configure this at each workstation? We do not
have our own email server. The workstations are Win2K Pro and XP Pro and
the PDC is an NT Server 4.0.




 
Steven Umbach

I don't know of a way to do that at the client end, at least with Outlook
Express. -- Steve

 
