[Ascend] RE: (ASCEND) Blocking or limiting Napster...

Thu Mar 1 08:31:06 CST 2001

Hello Kerrin, hello Hartmut,

Forget about all the thousands of possible napster servers.

I have just installed the Napster Software and sniffed all the traffic.
It goes like this:
1. Contact "server.napster.com" on port 8875
	server.napster.com is the name for these IP addresses:
server.napster.com has address 64.124.41.19
server.napster.com has address 64.124.41.16
server.napster.com has address 64.124.41.17

2. There is a reply of one packet that contains the next server address and
port
In my example it was
208.184.216.52:8888
This address comes in ascii in the data data part.

3. The client terminates the connection to server.napster.com and
establishes a new connection to the address received.

That's why is it sufficient to block port 8875/tcp.

HiH

Burkhard Weeber
viastore systems GmbH
P/O Box 300668
D-70446 Stuttgart
Email: B.Weeber at viastore.de

> -----Original Message-----
> From: owner-ascend-users at max.bungi.com
> [mailto:owner-ascend-users at max.bungi.com]On Behalf Of Hartmut
> Schroeder
> Sent: Thursday, March 01, 2001 1:25 PM
> To: ascend-users at max.bungi.com
> Subject: RE: (ASCEND) Blocking or limiting Napster...
>
>
> I'm sorry but that's not the whole Story.
>
> A good list of "known" Napster-Servers and used ports can be found on:
>
> http://www.napigator.com/list.php
>
> I know this topic is a pain in the ass.
> Just blocking ports or networks isn't the way to stop Users
> from Napstering.
> You'll need a device/Firewall that analyses ALL contents of
> every TCP-Stream.
>
> regards H.Schroeder
>
> Date sent:      	Thu, 01 Mar 2001 22:04:53 +1030
> To:             	<B.Weeber at viastore.de>
> From:           	Kerrin Pine <kerrinp at chariot.net.au>
> Subject:        	RE: (ASCEND) Blocking or limiting Napster...
> Copies to:      	"'Darkshot's Lists'" <dfl at chudys.com>,
>        	"Ascend User List \(E-Mail\)"
> <ascend-users at max.bungi.com>
>
> > Hullo,
> >
> > In Cisco speak (I think it's obvious the addresses and
> ports from this),
> > here's the one I use.
> >
> > ip access-list extended napster-block
> >   permit icmp any any
> >   deny   ip any 208.178.163.0 0.0.0.255
> >   deny   ip any 208.178.175.0 0.0.0.255
> >   deny   ip any 208.49.239.0 0.0.0.255
> >   deny   ip any 208.49.228.0 0.0.0.255
> >   deny   ip any 208.184.216.0 0.0.0.255
> >   deny   ip any 64.124.41.0 0.0.0.255
> >   deny   tcp any any eq 6699
> >   deny   tcp any any eq 8888
> >   permit ip any any
> >
> >
> > Cheers
> > Kerrin (speaking for himself, and not the employer!)
> >
> > At 09:22 PM 1/03/01, Burkhard Weeber wrote:
> > >Hi,
> > >
> > >to block NAPSTER disable port 8875/tcp outgoing.
> > >
> > >HiH
> > >
> > >Burkhard Weeber
> > >viastore systems GmbH
> > >P/O Box 300668
> > >D-70446 Stuttgart
> > >Email: B.Weeber at viastore.de
>
>
>
> Hartmut Schroeder             MMS Communication AG
> mailto:hacko at mms.de           Eiffestrasse 598
> http://www.mms.de/~hacko      20537 Hamburg, Germany
> Phone: +49 40 211105-40       Fax: +49 40 210 32 210
> ---
> ISAKMP (0:16): deleting SA reason "He's expired! He's lost
> his perch! He's an ex-parrot!" state (R) QM_IDLE
> OR how not to build VPN's using Ciscos :-)
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to
> ascend-users-request at bungi.com
> To get FAQ'd:	<http://www.nealis.net/ascend/faq>
>

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request at bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>