General discussion

Locked

forbid getright connections

By dtrifonov ·
Hi. How can I limit or forbid traffic initiated by download managers in my network? How can I distiguish those type of traffic from regular internet traffic? I use Windows 2003 as a server (PDC)and NAT.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to forbid getright connectio ...

You don't use your PDC as a proxy server.

You set up an additional server to operate as a proxy server and then only permit the traffic which you understand into the network. You deny all else.

Below is a list of the Well Known Ports from IANA:

http://www.iana.org/assignments/port-numbers

SANS list of well known Trojan used ports:

http://www.sans.org/resources/idfaq/oddports.php

Collapse -

by dtrifonov In reply to

Poster rated this answer.

Collapse -

by Curacao_Dejavu In reply to forbid getright connectio ...

use any good firewall (winfoute or ISA server) or a hardware firewall dlink, linksys,sonic wall).
In general with the software firewall you can block programs and ports , with the hardware firewall you you be only able to block the ports.

Best practice is only open the ports that you need (for example 80 which is webbrowsing) and everything else, and open additional ports only for known traffic.

Leopold

Collapse -

by dtrifonov In reply to

Poster rated this answer.

Collapse -

by d'solve IT In reply to forbid getright connectio ...

Hi,

This is a tough one - almost all download managers use HTTP or FTP ports. So blocking these ports would also block legitimate users. Also, if you are using ISA server with Firewall client installed - the download managers are smart enough to use the settings from Internet Explorer and thrart your intentions of blocking.

The way to go about would be to have a software audit and usuage policy where by users are not allowed to install any software themselves. this will not be appreciated by your users, but will save you a lot of headaches later.

:-)

Collapse -

by dtrifonov In reply to

Poster rated this answer.

Collapse -

by dtrifonov In reply to forbid getright connectio ...

This question was closed by the author

Back to Networks Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums