RE: Kazza and ISA server
From: Tim Donahue (TDonahue_at_haynesconstruction.com)
Date: 08/26/03
- Previous message: c_brauckmiller_at_LEK.COM: "Re: Infect me"
- Maybe in reply to: Alaa Shaheen: "Kazza and ISA server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: 'Shaikh Al Hadi Rasool' <sahadir@precience.com> Date: Tue, 26 Aug 2003 12:07:45 -0400
The best way to block these services is generally to deny access to the
server that they are trying to connect to. I have tried blocking them, but
got side tracked from that project and never got back to it. I have heard
(I think on this list) that is is possible to do if you put the time into
it. I would probably start with a google search, there may be lists of the
servers out there to give you a good starting point.
Tim Donahue
-----Original Message-----
From: Shaikh Al Hadi Rasool [mailto:sahadir@precience.com]
Sent: Tuesday, August 26, 2003 1:36 AM
To: Maher Odeh; Alaa Shaheen; security-basics@securityfocus.com
Subject: Re: Kazza and ISA server
Hi All,
Anyone has an idea how to block Instant messaging service like (MSN =
messanger,Yahoo messanger Aol instant messanger etc,etc through ISA =
Server. And can anybody tell me how to restrict FTP and give on the user a =
scheduler basis permission of FTP through ISA Server. Example if i = wanted
to give a user permission by the clock 11 in the morning till 1 = pm only
then a user can download. or they have the FTP permission = enabled.
Thanks,
Shaikh Al Hadi Rasool.
----- Original Message -----
From: "Maher Odeh" <rax@netvision.net.il>
To: "Alaa Shaheen" <Ashaheen@aedegypt.org>;
<security-basics@securityfocus.com>
Sent: Sunday, August 24, 2003 1:39 PM
Subject: RE: Kazza and ISA server
> Taken from:
> http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/21/pid/802/qid/464
> 81
> 4
>
>
>
> First, I am not familiar with ISA server (mostly checkpoint) but,
> maybe blocking access based on headers is a better way. it is possible
> to make kazaa work with port 80 rather than 1214. So they will pass.
> But you may block certain headers like:
> "GET /.hash*"
> "UserAgent: KazaaClient"
> "X-Kazaa*" (a few headers start with this)
>
> And according to Microsoft, you can do this with URLScan Web Filter
> for
> ISA:
> http://download.microsoft.com/download/4/c/b/4cbe9a1f-8d97-4c71-b6b3-d96
> 7924981db/urlscan_readme.htm
>
> I had no chance to try this at ISA server but I hope it works for you.
>
> greetz,
>
> Rule0
>
> -----Original Message-----
> From: Alaa Shaheen [mailto:Ashaheen@aedegypt.org]
> Sent: Friday, August 22, 2003 5:43 PM
> To: security-basics@securityfocus.com
> Subject: Kazza and ISA server
>
> Hi All
>
> I am having a little problem of controlling the traffic passing
> through my ISA server, specially the P2P file sharing programs such as
> Kazza and Imesh
>
> Did anyone knows how to block Kazza traffic using the ISA server ?
>
> Thanks in advance for your help
>
> Alaa Shaheen
>
> ----------------------------------------------------------------------
> --
> ---
> ------------------------------------------------------------------------
> ----
>
>
>
>
> ----------------------------------------------------------------------
> ----
-
> Attend Black Hat Briefings & Training Federal, September 29-30
> (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's
> premier technical IT security event. Modeled after the famous Black
> Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers
> and sponsors. Symantec is the Diamond sponsor. Early-bird
> registration ends September
6.Visit us: www.blackhat.com
> ----------------------------------------------------------------------
> ----
-- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
- Previous message: c_brauckmiller_at_LEK.COM: "Re: Infect me"
- Maybe in reply to: Alaa Shaheen: "Kazza and ISA server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
