I need to block LimeWire on my corporate network for bandwidth reasons, I just need to know what ports need to be blocked at the firewall to prevent my users from accessing this.
What ports should I block at the firewall to disable LimeWire?
Asked
Active
Viewed 2,557 times
7 Answers
12
First, this question means that you are not following security/firewall best practices by allowing everything, except what is denied.
The proper way to configure a firewall is to block everything, except what you allow. If you did that, Limewire would already by blocked.
Now, to your answer, the easiest way is to block ports from the 6300 to 6400 range (TCP and UDP) and also block the limewire web site, denying users the ability to even install it. You can also use ipp2p and l7, but they require kernel modifications and in this case might not be necessary.
sucuri
- 2,817
- 1
- 22
- 22
-
I could not agree more with the block everything outgoing unless you know you need it. – Matt Jun 17 '09 at 19:36
5
Standard answer: Don't let your users install unauthorized software on their computers :)
But another way to handle this is to be more general in your control methods. We use a proxy server like a Bluecoat which can also throttle bandwidth. Then you force all Internet access through the proxy and block everything going out at your firewall. Most programs will work just fine with the proxy and you can create exceptions on an application by application basis, but the P2P stuff will likely just die at the firewall. If it does happen to work via the proxy, you can throttle it there easier.
Kevin Kuphal
- 9,064
- 1
- 34
- 41
4
Block ports 6346,6347 TCP, UDP
LimeWire will probably use different port. You should block all ports except the ones you are using.
In case you have Windows, you can also set firewall on workstations to block
"C:\Program Files\LimeWire\LimeWire.exe"
Jindrich
- 4,958
- 8
- 29
- 42
3
+1 for Karolis T. and Roy.
As a side note, You should look into controlling who has rights to install software. Blocking limewire is the tip of the iceburg if people can control the software on the machines.
Installing spyware, viruses, disabling anti virus etc. are all bigger issues IMO
MathewC
- 6,877
- 9
- 38
- 53
-
I just don't get how people can downvote advice in addition to the correct answer. Sure. Block the ports. Thats why I said +1 for Karolis and roy. – MathewC Jun 17 '09 at 14:16
-
3
-
I see your point, but still think it's an answer to the problem. Maybe not the question. It's sound advice. – MathewC Jun 17 '09 at 14:23
-
5It's also sound advice never to go in against a Sicilian when death is on the line, but I'm not going to post it as an answer. Hell, you say yourself that this is a side note. – Pesto Jun 17 '09 at 14:29
-
There is rarely a single answer to any problem in IT. Often the best answer is not the one you are trying to implement. How often have you seen shops set up using all kinds of crazy methods instead of best practices. The answer to the question is a list of ports that any admin should have been able to google. The real solution is to use best practices security and block everything and only allow what you need. – Kevin Kuphal Jun 17 '09 at 14:31
-
@Kevin: You do understand the idea behind Serverfault right? To become a repository of information for google? GIYF comments and answers are pretty ridiculous when you consider this. – Geoffrey Chetwood Jun 17 '09 at 14:36
1
You'd be better off doing packet snooping and filtering - most P2P programs allow you to change ports. Come to think of it, many allow packet obfuscation too. If this is a major concern, consider monitoring network traffic volume and investigating potential overuse? Wait, maybe that's too big-brother...geez, it's almost as if there's a whole industry fighting against itself to find the right balance between control and freedom...
sangretu
- 372
- 1
- 2
- 8