Block Limewire/Bearshare

[leeym]

Does anyone know how to block internal users from downloading/uploading content to/from Limewire and Bearshare?

Thanks

 

[brontosaurus]

Depends on the complexity (or simplicity) of your network. You can block sites with firewalls, proxies, and/or policy. Let us know what you have.

 

[leeym]

i ended up blocking the below TCP incoming/outgoing connections like below:

Morpheus: 1214
WinMx: 7729-7735
Napster: 8875, 8888, 4444, 7777, 4200
Gnutella: 6346

 

[Spirit]

Thats all very well until someone goes into options - port settings in the p2p client and changes it to 80!

If your firewall supports it then you need to do packet inspection to ensure the traffic is what it claims to be.

I would create an IT policy make people sign it and remove offending software and run regular scans to ensure it isn' t reinstalled.

Iain

 

[porkchopexpress]

If it's just a few trouble users then you could try the free Appkiller it was designed for this purpose.

http://www.palmersoft.co.uk/software/appkiller.asp

 

[leeym]

Spirit,

How would I go about creating the IT policy you mentioned?

Porkchopexpress,

Would this application need to be installed on every workstation?

 

[Spirit]

It's not a technical thing but a political.

Basically there's laws governing businesses. In the uk if a business pc is used to down load illegal / copyrighted material without being a license holder then the MD / Director is held directly and PERSONALLY responsible for that breach.

Thats why in most businesses there is a employment contract (i.e. I will give 4 weeks notice, not turn up to work drunk etc.) and an IT one (I will not download porn, use equipment illegally, abuse resources etc.)

And yes AppKiller requires to be installed on each PC.

Iain

 

[leeym]

Hmmm, is there any way to block P2P applications at the firewall level?

 

[porkchopexpress]

Spirit is correct it will need installing on all PC's which is why i said if it's a small number of PC's.

I would recommend a review of your acceptable use policy, if you don't have on then it's about time you did. If they breach it then you can make it a HR issue.

 

[leeym]

So if users can easily change the port number, there really is no way to close down these P2P applications, correct?

 

[porkchopexpress]

As far as the firewall goes If they can change the P2P port to 80 then you're stuck unless you ban net access all together or use packet filtering.


You could try using group policy to ban the exe's.

Don't run specified Windows applications

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/gp/207.mspx?mfr=true

or even better

Software Restriction Policies

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx

 

[leeym]

Porkchopexpress,

Great suggestion by using GPOs. However do you know of any sites that list common apps which administrators block along with their executable names? (i.e. bearshare.exe, limewire.exe, etc.)

Thanks

 

[N0ktar]

I used IMLogic which works quite well, it has been purchased by Symantec so we should see that tool again in near future.
It was free now we'll have to pay for it.

 

[leeym]

did IMLogic post a list of applications that are commonly blocked?

 

[porkchopexpress]

I don't think there is i'm afraid some companies run a white list where you only allow the exe's for your approved applications. This can require some testing to setup.

I would also look into the acceptable use policy and removing users admin rights so they can't install the software. You can use restricted groups in an Active Directory environment to remove them from local admins.

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

 

[58sniper]

First of all, if the users are only USERS on their PC, it's a little more difficult for them to install the apps in the first place.

GPOs are the best way, IMHO. You can really lock things down that way.

Pat Richard, MCSE MCSA:Messaging CNA MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt