Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Blocking Morpheus and Napster

Which ports shold I block. Actually I don't want to block access, I just what to cut it back to about 2K so the users will give up rather than change the port. I need port numbers and int config to accomplish.

  • Other Network Infrastructure Subjects
4 REPLIES
Bronze

Re: Blocking Morpheus and Napster

I’ve never seen those port numbers published anywhere. You’ll probably have to log test it in a lab.

New Member

Re: Blocking Morpheus and Napster

You can do one thing. Install Morpheus and Napster on your system and run it. Then go to command prompt and type in netstat and you will get the tcp connections with the port number that is being used.Then you can do the blocking of those ports. You can try this. I hope this will work.

New Member

Re: Blocking Morpheus and Napster

Hello,

If your aim is to restrict bandwidth to ceratin network of yours. you can do this.

1. Creater an extended access-list to permit this particular network.

2. now give this command in the interface of the router where this network is connected.

rate-limit output access-group 50000 10000 10000 conform-action transmit exceed-action drop

and this also

rate-limit input access-group 50000 10000 10000 conform-action transmit exceed-action drop

Thsi would limit the bandwidth of those ips to 50k upload and 50k download. try this out. This is what i have implemented and found working fine.

Regards,

Ramesh

New Member

Re: Blocking Morpheus and Napster

Be careful with this.

Napster, eg., always uses different ports, when you block off one port, it simply goes to another one so that won't work.

Other problem is that you can't block the Napster URL, it just prevents downloading the Napster software but you can get the software from a lot of places around the world.

Q. So how can you stop this?

A. Only partially with NBAR or rate limiting

Napster uses TCP port 6699 as default. Putting a filter in that blocks this port brings Napster traffic to a screeching halt(for those using 6699). Blocking www.napster.com (url filter)adds an extra measure of security, as all clients must contact the site before they can begin exchanging music files.

But forbidding the use of Napster and blocking access to the site isn't the best approach. Crafty programmers have already come up with a way around the port blocking -- Napster already allows users to choose their own port -- and mirrored servers with new names would get around the site block.

If you sniff your link you can determine the addresses of the napster servers and rate limit accordingly (pain in the a!@).

Try NBAR. Use the "software search tool" on CCO and download the necessary .pdlm file as listed in the config below.

nsure that ip cef is enabled.

!

ip cef

ip nbar pdlm slot0:napster.pdlm

!

!

class-map match-all napster_nonstd

match protocol napster non-std

class-map match-all napster

match protocol napster

!

!

policy-map napout

class napster_nonstd

police 10000 2500 2500 conform-action drop exceed-action drop

class napster

police 1000000 250000 250000 conform-action transmit exceed-action drop

policy-map napin

class napster_nonstd

police 10000 2500 2500 conform-action drop exceed-action drop

class napster

police 3000000 250000 250000 conform-action transmit exceed-action drop

------

implementation eg.

!

interface FastEthernet0/0

description ***Residence Halls***

ip address xxx.xxx.xxx.xxx 255.255.xxx.xxx

no ip mroute-cache

duplex full

service-policy input napin

service-policy output napout

!

interface FastEthernet0/1

description ***Admin***

ip address xxx.xxx.xxx.xxx 255.255.xxx.xxx

ip nbar protocol-discovery

duplex full

no ip mroute-cache

!

interface ATM1/0

description *** PVC to Sunnyville CSU router

no ip address

no atm ilmi-keepalive

!

interface ATM1/0.1 point-to-point

bandwidth 30000

ip address xxx.xxx.xxx.xxx 255.255.xxx.xxx

ip nbar protocol-discovery

ip policy route-map papapix

atm pvc 5 0 385 aal5snap 30000 30000

Good Luck !!

114
Views
0
Helpful
4
Replies