Re: need help blocking ports on sonicwall router


comp.security.firewalls archive


From: Duane Arnold <Notme@notme.com>
Date: Thu Jun 30 2005 - 10:15:39 CEST

ABS wrote:

>
> "Duane Arnold" <Notme@notme.com> wrote in message
> news:B6Mwe.104028$_o.90020@attbi_s71...
>> ABS wrote:
>>
>>> I've got a sonicwall TZ170W and need to block a bunch of ports so users on
>>> my network can not access nntp usenet newsgroup servers over those
>>> ports. So should I be blocking outgoing or incoming? I think outgoing,
>>> but just want to make sure. The ports I will be blocking are-
>>> 119, 53, 23, 25, 9000, 8000, 3128, 563, 443
>>
>> Most likely outbound will do it.
>>
>>> I know 25 is smtp for email, so outgoing would be ok to block. 23 outgoing
>>> should be ok to block as well. 443 incoming or outgoing I'm not sure
>>> since that's https/ssl stuff. 53 is DNS and since I am not running a dns
>>> server I'd block incoming right?
>>
>> You block 53 UDP outbound and no machine behind the router will be able
>> to contact the ISP's DNS server to convert URLs or domain names to IP(s)
>> and won't be able to connect to a site with a browser as an example.
>>
>>> Just looking for some clarification
>>> please. I'd also like to block domains, but don't know how since my
>>> appliance doesn't seem to do that for anything but web domains. If I
>>> could block the nntp protocol entirely then it should work out better
>>> cus then in newsreader apps they can try to connect over port 80 but
>>> still be blocked I have heard.
>>
>> Just block port 119 as I don't think you can block NNTP by protocol.
>>
>>> Not sure though. For nntp servers that accept
>>> connections over port 80 the only thing I can try is to block the range of
>>> ips from that usenet server, but how would I find their range of ips
>>> they use? newsreader.com is one as well as a couple more servers I'm
>>> forgetting right now. So if I know the company, how do I find the ip range
>>> they are using for their news servers so I could just block the range?
>>
>> You might be able to use Arin WhoIs to make that determination of the block
>> of IP(S) being used by the ISP. I took the IP to my ISP's NG server and
>> entered it and it came back with the list of IP(s).
>>
>> Duane :)
>>
>>
>
> I guess I don't know what is what in my router. Need to figure out how to
> get so any computer on my lan and wireless lan can not access wan and
> whatever port I say. There's so many options for the sonicwall it's
> confusing. I guess I have to call them.

I concur.

Duane :)
Received on Thu Sep 29 19:57:22 2005
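
Added example, not part of the original posts: the WHOIS lookup suggested in the thread returns a NetRange (first and last address), while firewall address objects usually want CIDR blocks. The sketch below converts one into the other. The WHOIS text is constructed in the ARIN reply layout using RFC 5737 documentation addresses and a hypothetical organisation name; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in the layout of an ARIN WHOIS reply
# (documentation address space, hypothetical organisation).
SAMPLE_WHOIS = """\
NetRange:       198.51.100.0 - 198.51.100.255
CIDR:           198.51.100.0/24
NetName:        EXAMPLE-NEWS-NET
OrgName:        Example News Provider

NetRange:       192.0.2.64 - 192.0.2.143
NetName:        EXAMPLE-NEWS-NET-2
OrgName:        Example News Provider
"""

NETRANGE_RE = re.compile(r"^NetRange:\s*(\S+)\s*-\s*(\S+)\s*$", re.MULTILINE)


def whois_to_networks(whois_text):
    """Return the CIDR networks covering every NetRange in a WHOIS reply."""
    networks = []
    for first, last in NETRANGE_RE.findall(whois_text):
        start = ipaddress.ip_address(first)
        end = ipaddress.ip_address(last)
        # A range need not align to a single prefix, so it may be split
        # into several CIDR blocks that together cover it exactly.
        networks.extend(ipaddress.summarize_address_range(start, end))
    # Merge adjacent or overlapping blocks and return them sorted.
    return list(ipaddress.collapse_addresses(networks))


def is_covered(ip, networks):
    """True if the address falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets = whois_to_networks(SAMPLE_WHOIS)
    for net in nets:
        print(net)  # one block per firewall address object
    # Check a news server address seen in a log against the block list.
    print(is_covered("192.0.2.130", nets))
```

The second NetRange does not fit one prefix and comes out as two blocks, which is the case that gets missed when a range is typed into a rule by hand.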