Re: need help blocking ports on sonicwall router


comp.security.firewalls archive


From: ABS <f@f.com>
Date: Thu Jun 30 2005 - 08:38:08 CEST

"Duane Arnold" <Notme@notme.com> wrote in message
news:B6Mwe.104028$_o.90020@attbi_s71...
> ABS wrote:
>
>> I've got a sonicwall TZ170W and need to block a bunch of ports so users on
>> my network cannot access nntp usenet newsgroup servers over those ports.
>> So should I be blocking outgoing or incoming? I think outgoing, but just
>> want to make sure. The ports I will be blocking are-
>> 119, 53, 23, 25, 9000, 8000, 3128, 563, 443
>
> Most likely outbound will do it.
>
>> I know 25 is smtp for email, so outgoing would be ok to block. 23 outgoing
>> should be ok to block as well. 443 incoming or outgoing I'm not sure
>> since that's https/ssl stuff. 53 is DNS and since I am not running a dns
>> server I'd block incoming right?
>
> You block 53 UDP outbound and no machine behind the router will be able to
> contact the ISP's DNS server to convert URLs or domain names to IP(s) and
> won't be able to connect to a site with a browser as an example.
>
>> Just looking for some clarification
>> please. I'd also like to block domains, but don't know how since my
>> appliance doesn't seem to do that for anything but web domains. If I
>> could block the nntp protocol entirely then it should work out better cus
>> then in newsreader apps they can try to connect over port 80 but still be
>> blocked I have heard.
>
> Just block port 119 as I don't think you can block NNTP by protocol.
>
>> Not sure though. For nntp servers that accept
>> connections over port 80 the only thing I can try is to block the range of
>> IPs from that usenet server, but how would I find their range of IPs they
>> use? newsreader.com is one as well as a couple more servers I'm forgetting
>> right now. So if I know the company, how do I find the IP range they are
>> using for their news servers so I could just block the range?
>
> You might be able to use ARIN WhoIs to make that determination of the block
> of IP(s) being used by the ISP. I took the IP to my ISP's NG server and
> entered it and it came back with the list of IP(s).
>
> Duane :)
>
>

I guess I don't know what is what in my router. Need to figure out how to
get so any computer on my LAN and wireless LAN cannot access WAN and
whatever port I say. There's so many options for the sonicwall it's
confusing. I guess I have to call them.
Received on Thu Sep 29 19:57:22 2005
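
Added example, not part of the original thread and not SonicWall configuration: a small Python model of outbound filtering that compares the port list from the first post with a narrower rule set built on the advice above (block the NNTP ports, plus the news server's IP range found via WHOIS). It assumes first-match rule order and a default of allowing LAN-to-WAN traffic; all addresses are constructed from documentation ranges, and 203.0.113.0/24 is a placeholder for a real range.

```python
import ipaddress

# Assumption: outbound (LAN -> WAN) traffic is allowed unless a rule denies it,
# and rules are checked top to bottom with the first match winning.
DEFAULT_ACTION = "allow"

def deny(proto, port, net="0.0.0.0/0"):
    """Build one outbound deny rule: protocol, destination port, destination network."""
    return ("deny", proto, ipaddress.ip_network(net), port)

def evaluate(rules, proto, dst_ip, dst_port):
    """Return the action for one outbound connection attempt."""
    dst = ipaddress.ip_address(dst_ip)
    for action, r_proto, r_net, r_port in rules:
        if r_proto in (proto, "any") and dst in r_net and r_port in (dst_port, "any"):
            return action
    return DEFAULT_ACTION

# Constructed sample flows; addresses are from the RFC 5737 documentation ranges.
NEWS_NET = "203.0.113.0/24"   # placeholder for a range found via WHOIS
FLOWS = {
    "dns lookup":      ("udp", "192.0.2.53", 53),
    "https site":      ("tcp", "198.51.100.10", 443),
    "web site":        ("tcp", "198.51.100.10", 80),
    "nntp":            ("tcp", "203.0.113.20", 119),
    "nntp over ssl":   ("tcp", "203.0.113.20", 563),
    "nntp on port 80": ("tcp", "203.0.113.20", 80),
}

def audit(rules):
    """Map each sample flow to the action the rule set gives it."""
    return {name: evaluate(rules, *flow) for name, flow in FLOWS.items()}

# Rule set 1: every port from the original post, blocked outbound for any protocol.
posted = [deny("any", p) for p in (119, 53, 23, 25, 9000, 8000, 3128, 563, 443)]

# Rule set 2: only the NNTP ports, plus the news server's range on any port.
narrowed = [deny("tcp", 119), deny("tcp", 563), deny("any", "any", NEWS_NET)]

if __name__ == "__main__":
    for label, rules in (("posted", posted), ("narrowed", narrowed)):
        print(label, audit(rules))
```

With the posted list, DNS and HTTPS are cut off while a news server listening on port 80 is still reachable; the narrowed set reverses that.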