Hi,

What I read was that by using patch-o-matic with netfilter (iptables) and installing the string patch for iptables, you could at least begin to identify the packets from clients running Kazaa v2+. Once identified, you can do anything else you want with the packets. The main problem that I face is that the minute the packets are fragmented, everything goes for a toss.

Some of the software out in the open (http://p2pwall.sourceforge.net etc.) can be utilized to block ALL traffic to a client using Kazaa. This kind of policy can work in a corporate environment, but I was looking more at implementing this in an ISP setup, where we do not have control over who uses what software.

http://www.snortsam.net with http://www.snort.org is something I have not yet tried. But is there another, easier way of doing this in an ISP environment?

Thanks,
Ripunjay

-----Original Message-----
From: linuxers-bounces@mm.ilug-bom.org.in [mailto:linuxers-bounces@mm.ilug-bom.org.in] On Behalf Of Devdas Bhagat
Sent: Saturday, August 09, 2003 08:41
To: linuxers@mm.ilug-bom.org.in
Subject: Re: [ILUG-BOM] IPTables kazaa v2 blocking

Next GLUG Meet on 10th Aug. @ Ruparel College, Matunga Rd. (W), @ 4.00pm

<snip>

You cannot do this purely by means of a firewall. Set a policy to ban Kazaa and the like, turn on an IDS to detect Kazaa traffic, fire the person running Kazaa. This works better than anything else. Or you could just block port 80 as well.

Devdas Bhagat
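
The fragmentation problem raised in the thread, as an added example that is not part of the original messages: a string match applied to each packet on its own misses a signature that straddles a fragment boundary, while matching after reassembly (or with a carried-over tail) finds it. The signature, payload and function names are constructed for illustration; the signature is a placeholder, not a real Kazaa pattern.

```python
# Constructed placeholder signature and payload (not real Kazaa traffic).
SIGNATURE = b"X-P2P-EXAMPLE"
PAYLOAD = b"GET /file HTTP/1.1\r\nX-P2P-EXAMPLE: user\r\n\r\n"


def fragment(payload, size):
    """Split payload into (offset, data) pieces of at most `size` bytes."""
    return [(off, payload[off:off + size]) for off in range(0, len(payload), size)]


def per_packet_match(fragments, needle=SIGNATURE):
    """Per-packet string matching: every piece is inspected in isolation."""
    return any(needle in data for _, data in fragments)


def reassemble(fragments):
    """Rebuild the payload from pieces in any arrival order; reject gaps/overlaps."""
    buf = bytearray()
    for off, data in sorted(fragments):
        if off != len(buf):
            raise ValueError(f"gap or overlap at offset {off}")
        buf += data
    return bytes(buf)


def stream_match(fragments, needle=SIGNATURE):
    """Match without buffering everything: keep the last len(needle)-1 bytes
    of what was seen so a signature split across pieces is still found."""
    keep = len(needle) - 1
    tail = b""
    for _, data in sorted(fragments):
        window = tail + data
        if needle in window:
            return True
        tail = window[-keep:] if keep else b""
    return False


if __name__ == "__main__":
    frags = fragment(PAYLOAD, 24)           # boundary falls inside the signature
    print("per-packet :", per_packet_match(frags))
    print("reassembled:", SIGNATURE in reassemble(frags))
    print("streaming  :", stream_match(fragment(PAYLOAD, 8)))
```
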