blocking nntp newsgroup usenet with Sonicwall TZ170W enhanced

You could try the IPS security service, it detects unusual traffic over port

80 (such as HTTP tunnelling), I'm not sure if it detects NNTP. You should be able to enable the 30 trial to test it out.

I have all services possible except the AV right now since it's not available for the TZ170W yet in SonicOS Enhanced. The gateway AV I mean. IPS doesn't stop nntp at all from running on port 80 as I've had it enabled and been able to access newsgroup servers on port 80 just fine. However I only blocked the major threat category and p2p I put in as block always.

I orriginally thought of blocking incomming port 80 or outgoing port 80 as then nntp over port 80 would not work. However I was not sure if this would also prevent web surfing since that also uses port 80.

So I'm not sure what to do right now.

Incoming port 80 is only needed if you run a webserver - if you don't, block it.

Outgoing TCP/80 is used for websurfing - and if you allow that, people will use groups.google.com or similar services instead of SMTP, which means that you've stopped a mild cold with a heavy pneumonia ;-)

Juergen Nieveler

Blocking outgoing port 80 is bad, no one will be able to surf. I would suggest that your best bet is to use viewpoint to log traffic (if you brought the comprehensive bundle it came with viewpoint), if you spot heavy traffic usage block by IP. Perhaps you could even try the Content filterig, I found that the CFS blocked access to my newsgroup server.

You should also upgrade your TZ170W to SonicOS 3 Enhanced.

A LART against your crazy NNTP surfer is a good thing. Detect the overall traffic over nntp and look for the guy.

Blocking outgoing access to Usenet servers (and their web interfaces) is difficult, even not possible.

HTH Wolfgang