RE: [fw-wiz] Blocking Kazaa

From: Steven Alexander (alexander.s_at_mccd.edu)
Date: 06/26/03

  • Next message: Paul Armstrong: "Re: [fw-wiz] Blocking Kazaa" 
    To: "Dante Fressone" <FressoneD@officenet.com>, <firewall-wizards@honor.icsalabs.com>
Date: Wed, 25 Jun 2003 18:11:07 -0700

    You could use an IDS such as snort to detect traffic from kazaa or other
    p2p software. This would alert you that people are using the software
    but wouldn't actively prevent it.

    If you script well, you could have snort monitor just p2p traffic and
    pipe the output to a script that automatically adds rules to block IP
    addresses that your user's p2p software connects to. Make sure the
    snort box connects via ssh and that it does not accept incoming
    connections at all.

    Btw, Port 80 is used as a backup port number for kazaa.

    -steven

    > -----Original Message-----
    > From: Dante Fressone [mailto:FressoneD@officenet.com]
    > Sent: Wednesday, June 25, 2003 11:21 AM
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] Blocking Kazaa
    >
    >
    > Hi, I want to block kazaa from my pix fw blocking port 1214
    > TCP, but it seems like it's using port 80 now,,,,and I can't
    > drop that port because web wont work.....
    >
    >
    > Any ideas?
    >
    >
    > Thanks!
    >
    >
    > Dante Fressone
    > Networking
    > e-mail: fressoned@officenet.com
    > Tel: 54-(11)-4126-2728
    >
    > _______________________________________________
    > firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Paul Armstrong: "Re: [fw-wiz] Blocking Kazaa"

    Relevant Pages

    • RE: [fw-wiz] Blocking Kazaa
      ... Have a look at the inline snort stuff. ... > I would love to hear if someone has a way to block it with a PIX. ... > Hi, I want to block kazaa from my pix fw blocking port 1214 TCP, but it ...
      (Firewall-Wizards)
    • [fw-wiz] Re: Blocking Kazaa
      ... deal with Kazaa, AIM, Yahoo IM, MS Messgener, Chat, etc. ... > TCP and UDP packets going to port 1214 and also, oddly enough, sourcing from ... > Organization: Network Penetration ... > I would love to hear if someone has a way to block it with a PIX. ...
      (Firewall-Wizards)
    • RE: locking down snort
      ... When setting up snort the best method is ... Also in larger networks the sniffer management port can sit on the ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: Kazaa Block !
      ... >> security breach, but worse, it is a blatant abuse of work computers. ... >> If this is a home LAN, and these are your children, ground them first, ... >> block KaZaA from their computers, ... > goes over port 80. ...
      (comp.security.firewalls)
    • Re: Kazaa Block !
      ... >>> security breach, but worse, it is a blatant abuse of work computers. ... >> goes over port 80. ... >> to a kazaa server and then to the other client to ... >> bad guy by uninstalling software and talking to boss. ...
      (comp.security.firewalls)