RE: [fw-wiz] Blocking Kazaa

• Previous message: Dante Fressone: "[fw-wiz] Blocking Kazaa"
• Maybe in reply to: Dante Fressone: "[fw-wiz] Blocking Kazaa"
• Next in thread: Paul Armstrong: "Re: [fw-wiz] Blocking Kazaa"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Dante Fressone" <FressoneD@officenet.com>, <firewall-wizards@honor.icsalabs.com>
Date: Wed, 25 Jun 2003 18:11:07 -0700

You could use an IDS such as snort to detect traffic from kazaa or other
p2p software. This would alert you that people are using the software
but wouldn't actively prevent it.

If you script well, you could have snort monitor just p2p traffic and
pipe the output to a script that automatically adds rules to block IP
addresses that your user's p2p software connects to. Make sure the
snort box connects via ssh and that it does not accept incoming
connections at all.

Btw, Port 80 is used as a backup port number for kazaa.

-steven

> -----Original Message-----
> From: Dante Fressone [mailto:FressoneD@officenet.com]
> Sent: Wednesday, June 25, 2003 11:21 AM
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] Blocking Kazaa
>
>
> Hi, I want to block kazaa from my pix fw blocking port 1214
> TCP, but it seems like it's using port 80 now,,,,and I can't
> drop that port because web wont work.....
>
>
> Any ideas?
>
>
> Thanks!
>
>
> Dante Fressone
> Networking
> e-mail: fressoned@officenet.com
> Tel: 54-(11)-4126-2728
>
> _______________________________________________
> firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Dante Fressone: "[fw-wiz] Blocking Kazaa"
• Maybe in reply to: Dante Fressone: "[fw-wiz] Blocking Kazaa"
• Next in thread: Paul Armstrong: "Re: [fw-wiz] Blocking Kazaa"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: [fw-wiz] Blocking Kazaa ... Have a look at the inline snort stuff. ... > I would love to hear if someone has a way to block it with a PIX. ... > Hi, I want to block kazaa from my pix fw blocking port 1214 TCP, but it ... (Firewall-Wizards) [fw-wiz] Re: Blocking Kazaa ... deal with Kazaa, AIM, Yahoo IM, MS Messgener, Chat, etc. ... > TCP and UDP packets going to port 1214 and also, oddly enough, sourcing from ... > Organization: Network Penetration ... > I would love to hear if someone has a way to block it with a PIX. ... (Firewall-Wizards) RE: locking down snort ... When setting up snort the best method is ... Also in larger networks the sniffer management port can sit on the ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... (Security-Basics) Re: Kazaa Block ! ... >> security breach, but worse, it is a blatant abuse of work computers. ... >> If this is a home LAN, and these are your children, ground them first, ... >> block KaZaA from their computers, ... > goes over port 80. ... (comp.security.firewalls) Re: Kazaa Block ! ... >>> security breach, but worse, it is a blatant abuse of work computers. ... >> goes over port 80. ... >> to a kazaa server and then to the other client to ... >> bad guy by uninstalling software and talking to boss. ... (comp.security.firewalls)