You need a internet appliance/nat firewall that can manage outgoing traffic with a
default block all rule and then you add the ip addresses of the computers and what
ports/services you want them to have access to. Generally you need to allow outbound
traffic for dns udp port 53, http tcp port 80, and https tcp port 443 for internet
web access. Tcp ports 25, 110, 119 would be needed for non web based email such as
Outlook Express and newsgroups. This is a much better way that trying to figure out
what ports to block. Depending on the size of your office lan, you may be able to get
by with a $110 device that can do the job. If you have much more a couple dozen
users, you would be better off with a higher performance device such as the Sonic
Wall series starting around $400. If your network is a Windows 2000 domain with all
Windows 2000 or XP Pro computers, then you could also implement ipsec filtering to do
the job. Those unathorized applications are a great way to get a trojan/worm/virus on
your network. --- Steve
http://www.dlink.com/products/?pid=65 -- An economical device that may be adequate