Re: blocking nntp newsgroup usenet with Sonicwall TZ170W enhanced
comp.security.firewalls archive

From: Mark <nothere@notthere.com>
Date: Mon Jun 27 2005 - 01:50:04 CEST

"Sonicwall TZ170W" <s@s.com> wrote in message
news:20050624031815.263$sG@news.newsreader.com...
>
> "Mark" <nothere@notthere.com> wrote in message
> news:42bb86a0$0$91606$bb4e3ad8@newscene.com...
> > "Sonicwall TZ170W" <s@s.com> wrote in message
> > news:20050623221416.166$gK@news.newsreader.com...
> >> Does anyone have any suggestions how I can use my Sonicwall TZ170W with
> >> SonicOS Enhanced 2.6 and block all usenet/nntp newsgroup access? Most usenet
> >> servers accept connections on ports other than 119 and I know what ports are
> >> accepted, so I can block those, but how can I block nntp over port 80 since
> >> servers also accept connections on port 80?
> >>
> >>
> >
> > You could try the IPS security service, it detects unusual traffic over port
> > 80 (such as HTTP tunnelling), I'm not sure if it detects NNTP. You should be
> > able to enable the 30-day trial to test it out.
> >
> >
>
> I have all services possible except the AV right now since it's not
> available for the TZ170W yet in SonicOS Enhanced. The gateway AV I mean.
> IPS doesn't stop nntp at all from running on port 80 as I've had it enabled
> and been able to access newsgroup servers on port 80 just fine. However I
> only blocked the major threat category and p2p I put in as block always.
>
> I originally thought of blocking incoming port 80 or outgoing port 80 as
> then nntp over port 80 would not work. However I was not sure if this would
> also prevent web surfing since that also uses port 80.
>
> So I'm not sure what to do right now.
>
>

Blocking outgoing port 80 is bad, no one will be able to surf. I would
suggest that your best bet is to use ViewPoint to log traffic (if you
bought the comprehensive bundle it came with ViewPoint), if you spot heavy
traffic usage block by IP. Perhaps you could even try the Content Filtering,
I found that the CFS blocked access to my newsgroup server.

You should also upgrade your TZ170W to SonicOS 3 Enhanced.
Received on Thu Sep 29 19:56:56 2005
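
The thread's underlying problem is that a port number alone cannot tell NNTP from HTTP on port 80. The following is an added example, not part of the original posts and not SonicWall code, of the kind of protocol check an inspection engine can apply: an NNTP server speaks first with a numeric greeting, while an HTTP server waits for the client's request. The flow tuple layout, the function names and the sample payloads are assumptions constructed for illustration.

```python
import re

# NNTP client commands (RFC 3977 / RFC 4643). POST is also an HTTP method,
# so a command name alone is never treated as sufficient evidence.
NNTP_COMMANDS = {"MODE", "AUTHINFO", "GROUP", "LIST", "ARTICLE", "HEAD",
                 "BODY", "XOVER", "OVER", "POST", "CAPABILITIES", "QUIT"}
HTTP_REQUEST = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d\r?\n")
# NNTP greeting codes: 200/201 service ready, 400/502 service refused.
NNTP_GREETING = re.compile(rb"^(200|201|400|502) [^\r\n]*\r?\n")


def classify_flow(first_speaker, client_bytes, server_bytes):
    """Label a cleartext port-80 flow as "http", "nntp" or "unknown".

    first_speaker is "client" or "server": which side sent payload first
    (hypothetical field, as a flow capture would record it).
    """
    if first_speaker == "client" and HTTP_REQUEST.match(client_bytes):
        return "http"
    # An NNTP server greets before the client sends anything.
    greeted = first_speaker == "server" and NNTP_GREETING.match(server_bytes)
    first_line = client_bytes.split(b"\n", 1)[0].strip()
    verb = first_line.split(b" ", 1)[0].decode("ascii", "replace").upper()
    if greeted and (not client_bytes or verb in NNTP_COMMANDS):
        return "nntp"
    return "unknown"


# Constructed sample flows: (src, dst, first_speaker, client_bytes, server_bytes)
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", "client",
     b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
     b"HTTP/1.1 200 OK\r\n\r\n"),
    ("10.0.0.7", "192.0.2.20", "server",
     b"MODE READER\r\n", b"200 news.example.invalid ready\r\n"),
    ("10.0.0.9", "192.0.2.30", "server", b"\x16\x03\x01", b"\x00\x01binary"),
]


def nntp_destinations(flows):
    """Return the sorted destination IPs whose port-80 flow looks like NNTP."""
    return sorted({dst for _src, dst, who, c, s in flows
                   if classify_flow(who, c, s) == "nntp"})


if __name__ == "__main__":
    print(nntp_destinations(SAMPLE_FLOWS))
```

The resulting destination list is what would feed the block-by-IP rule suggested in the reply. The check only sees cleartext payloads, so an encrypted session on the same port falls into "unknown".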