hi,
I had posted a query a very long time ago about blocking/stopping Kazaa ver 2 clients on my internal network from reaching the outside world. Did not get many responses for ver 2 blocking; ver 1 was port 1214.
Asking the question again: how to block Kazaa ver 2+ clients from connecting and/or transferring files via a Linux box running IPTables / kernel 2.4.19+?
thanks Ripunjay Bararia
On 08/08/03 22:32 +0530, Ripunjay Bararia (ILUG-MUM) wrote:
> hi,
> I had posted a query a very long time ago about blocking/stopping Kazaa ver 2 clients on my internal network from reaching the outside world. Did not get many responses for ver 2 blocking; ver 1 was port 1214.
Version 2 will transfer files over port 80 if 1214 is not available.
> Asking the question again: how to block Kazaa ver 2+ clients from connecting and/or transferring files via a Linux box running IPTables / kernel 2.4.19+?
You cannot do this purely by means of a firewall. Set a policy to ban Kazaa and the like, turn on an IDS to detect Kazaa traffic, fire the person running Kazaa. This works better than anything else. Or you could just block port 80 as well.
Devdas Bhagat
hi,
What I read was that using patch-o-matic + netfilter (IPTables) and installing the string patch for iptables, you could at least begin to identify the packets from the clients running Kazaa v2+; once identified, you can do anything else you want with the packets. The main problem that I face is that the minute the packets are fragmented, everything goes for a toss. Some of the software out in the open:
http://p2pwall.sourceforge.net etc. can be utilized to block ALL traffic to a client using Kazaa, but this kind of policy can work in a corporate environment; I was more looking at implementing this in an ISP setup, where we do not have control over who uses what software.
http://www.snortsam.net with http://www.snort.org is something I have not yet tried doing. But is there another, easier way of doing this in an ISP environment?
thanks Ripunjay
-----Original Message-----
From: linuxers-bounces@mm.ilug-bom.org.in [mailto:linuxers-bounces@mm.ilug-bom.org.in] On Behalf Of Devdas Bhagat
Sent: Saturday, August 09, 2003 08:41
To: linuxers@mm.ilug-bom.org.in
Subject: Re: [ILUG-BOM] IPTables kazaa v2 blocking

Next GLUG Meet on 10th Aug. @ Ruparel College, Matunga Rd. (W), @ 4.00pm
<snip>
You cannot do this purely by means of a firewall. Set a policy to ban Kazaa and the like, turn on an IDS to detect Kazaa traffic, fire the person running Kazaa. This works better than anything else. Or you could just block port 80 as well.
Devdas Bhagat
On 09/08/03 09:58 +0530, Ripunjay Bararia (ILUG-MUM) wrote:
> hi, What I read was that using patch-o-matic + netfilter (IPTables) and installing the string patch for iptables
Replies only to the list please.
> you could at least begin to identify the packets from the clients running Kazaa v2+; once identified, you can do anything else you want with the packets. The main problem that I face is that the minute the packets are fragmented, everything goes for a toss.
Welcome to freenet (pun intended).
> Some of the software out in the open:
> http://p2pwall.sourceforge.net etc. can be utilized to block ALL traffic to a client using Kazaa, but this kind of policy can work in a corporate environment; I was more looking at implementing this in an ISP setup, where we do not have control over who uses what software.
Either throttle that connection, or choose not to service the user for excess traffic, or charge more for excess traffic. You really don't have another choice, unless you want to pay a lot of money. I know of a few solutions, but none of them are cheap.
> http://www.snortsam.net with http://www.snort.org is something I have not yet tried doing. But is there another, easier way of doing this in an ISP environment?
I wouldn't touch that issue in an ISP environment with a 100 metre Cat5e cable. I am looking to change ISPs because they have this Cisco PIX in front of the network with smtp fixup enabled and they haven't turned it off for two weeks after I told them about it. Any ISP that interferes unduly in my network traffic without an explicit policy is about to lose a customer. Put a policy in place, and inform me about it so that I can choose to stay subscribed, or not. Oh, and don't top post.
Devdas Bhagat
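The fragmentation problem raised in the exchange above, shown as an added example (this is not code from the list, from the iptables string patch, or from any project named in the thread): a string match applied to each segment on its own, the way a firewall rule works, loses a signature that straddles two TCP segments, while an IDS-style reassembler rebuilds the stream and still sees it. The flows, the HTTP payloads and the "X-Kazaa-" request-header signature are constructed sample values assumed for illustration.

```python
"""Per-segment string matching vs. stream reassembly for P2P detection.

Added example for this thread; not code from the list or from the iptables
string patch. Flows, payloads and the header signature are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

Flow = Tuple[str, int, str, int]          # (src, sport, dst, dport)

# Assumed signature: the client adds "X-Kazaa-..." headers to the HTTP
# requests it sends over port 80. A per-segment matcher can only see this
# when the whole substring sits inside one segment.
SIGNATURES: Tuple[bytes, ...] = (b"X-Kazaa-",)


@dataclass(frozen=True)
class Segment:
    """One TCP segment of a flow (constructed, not from a real capture)."""
    flow: Flow
    seq: int          # sequence number of the first payload byte
    payload: bytes


def match_per_packet(segments: Iterable[Segment]) -> Set[Flow]:
    """Firewall-style check: every segment is inspected in isolation."""
    return {s.flow for s in segments
            if any(sig in s.payload for sig in SIGNATURES)}


class StreamReassembler:
    """Minimal one-direction TCP reassembly keyed by flow and sequence number.

    Segments may arrive in any order; the stream is rebuilt up to the first
    gap, so a signature spanning two segments becomes visible again.
    """

    def __init__(self) -> None:
        self._chunks: Dict[Flow, Dict[int, bytes]] = {}

    def add(self, seg: Segment) -> None:
        self._chunks.setdefault(seg.flow, {})[seg.seq] = seg.payload

    def stream(self, flow: Flow) -> bytes:
        chunks = self._chunks.get(flow, {})
        if not chunks:
            return b""
        out = bytearray()
        expected = min(chunks)
        for seq in sorted(chunks):
            if seq != expected:          # hole in the stream: stop here
                break
            out += chunks[seq]
            expected = seq + len(chunks[seq])
        return bytes(out)

    def flows(self) -> List[Flow]:
        return list(self._chunks)


def match_reassembled(segments: Iterable[Segment]) -> Set[Flow]:
    """IDS-style check: match against the rebuilt byte stream of each flow."""
    asm = StreamReassembler()
    for seg in segments:
        asm.add(seg)
    return {f for f in asm.flows()
            if any(sig in asm.stream(f) for sig in SIGNATURES)}


# --- constructed sample traffic -------------------------------------------
FLOW_A: Flow = ("10.0.0.5", 3012, "203.0.113.9", 80)
FLOW_B: Flow = ("10.0.0.6", 3044, "203.0.113.9", 80)
FLOW_C: Flow = ("10.0.0.7", 3101, "203.0.113.9", 80)

P2P_REQUEST = (b"GET /.files HTTP/1.1\r\n"
               b"Host: 203.0.113.9\r\n"
               b"X-Kazaa-Username: sample\r\n\r\n")
PLAIN_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"


def split_segment(payload: bytes, at: int, flow: Flow, seq0: int) -> List[Segment]:
    """Cut one payload into two consecutive segments at byte offset `at`."""
    return [Segment(flow, seq0, payload[:at]),
            Segment(flow, seq0 + at, payload[at:])]


# Cut three bytes into the header name, so neither piece holds "X-Kazaa-".
CUT = P2P_REQUEST.index(b"X-Kazaa-") + 3

SAMPLE_SEGMENTS: List[Segment] = (
    [Segment(FLOW_A, 5000, P2P_REQUEST)]                              # intact
    + list(reversed(split_segment(P2P_REQUEST, CUT, FLOW_B, 1000)))   # split, out of order
    + [Segment(FLOW_C, 7000, PLAIN_REQUEST)]                          # benign
)


if __name__ == "__main__":
    print("per-packet :", sorted(match_per_packet(SAMPLE_SEGMENTS)))
    print("reassembled:", sorted(match_reassembled(SAMPLE_SEGMENTS)))
```

Running the block shows the per-packet check flagging only the flow whose request arrived in one segment, while the reassembled check also flags the split flow; that difference is exactly the gap between a firewall string match and the IDS suggested above. The price of closing it is per-flow state: a reassembler has to buffer out-of-order data and decide what to do at a hole, which is why it belongs in an IDS rather than in a packet-filter rule.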
hi,
Sorry about the individual post; my email client is Outlook (M$), which does that by default. And sorry for posting using an M$ client on a Linux list, just to add to that :-|
I was just looking at options only; I already have a Checkpoint and a Cisco PIX at my disposal, but the solution I was looking at was for places where people cannot afford to do that, or are not *willing* to pay for the above solutions.
Thanks for the advice; rest all okay.. but I cannot understand the line below.. really.. I'm not that listserv savvy.
> Devdas Bhagat
> Oh, and don't top post..
Ripunjay Bararia (ILUG-MUM) wrote:
> Thanks for the advice; rest all okay.. but I cannot understand the line below.. really.. I'm not that listserv savvy.
> Devdas Bhagat
> Oh, and don't top post..
hai .. visit the following url :)
http://www.faqs.org/docs/jargon/T/top-post.html
regards, Raj.
> hai .. visit the following url :)
> http://www.faqs.org/docs/jargon/T/top-post.html
> regards, Raj.
Got that dude thanks ripunjay
On 09/08/03 23:34 +0530, Ripunjay Bararia (ILUG-MUM) wrote:
<snip>
> I was just looking at options only; I already have a Checkpoint and a Cisco PIX at my disposal,
Neither of which is really useful, unless you block ports (and I really would not do that in an ISP environment, except maybe port 25 outbound, just so that I could have logs of what my subscribers sent. Again, there should be no filtering on domain names if you choose to do this).
> but the solution I was looking at was for places where people cannot afford to do that, or are not *willing* to pay for the above solutions.
You can implement total traffic throttling on Linux as well as the BSDs. http://www.lartc.org/ for Linux. See tun0 or other options on the BSDs.
Devdas Bhagat