[Shorewall-users] Blocking Audio Galaxy

Cowles, Steve Steve@SteveCowles.com
Thu, 11 Apr 2002 07:33:59 -0500


> -----Original Message-----
> From: Louie Martinez [mailto:louie@kopykake.com]
> Sent: Thursday, April 11, 2002 1:56 AM
> To: shorewall-users@shorewall.net
> Subject: [Shorewall-users] Blocking Audio Galaxy
> 
> 
> Has anyone come up with some rules for blocking outgoing 
> connections to  Audio Galaxy? I'd like to implement a no
> audio galaxy policy in our office and want to enforce it
> by blocking audio galaxy clients from passing information
> out through the firewall. 

The best "policy" is a written security policy that bans the use of AG at
the workplace. If violated, it grounds for termination.

> I attempted to locate more information about the protocol
> they use but wasn't able to find anything. 

The AG FAQ addressed what ports the AG client uses.
http://www.audiogalaxy.com/satellite/info/faq.php?#firewall

There were also some good posts in the AG Message Board regarding this
topic.
http://www.audiogalaxy.com/pages/messageBoard.php?&context=forum&contextID=8

> If anyone has some type of rule set already in place, please 
> share it with me.

I don't, but based on what I read in the FAQ, it looks like you need to
block outbound FTP requests to the AG servers. Unfortunately, it looks like
the AG client can also be configured to use other ports to search for music
(web search). Plus, it looks like this product even supports http based
downloads.

Again, consider writing a security policy that bans the use of AG at the
workplace. Get your HR department, president, etc... to adopt and sign off
on your security policy and then publish it.

One final thought -- If you have a sense of humor (or just wanting to be a
smartass), you could always configure your DNS server to return the IP
address of your companies web server for the entire audiogalaxy.com name
space, then display the security policy regarding the use of AG at the work
place. :-)

Steve Cowles