Block Kazaa2 traffic
Has anyone a good solution for blocking kazaa2 outgoing and incoming traffic? I find it very difficult since the kazaa now search for open ports and it can even use port 80. :rolleyes:
|
You're probably going to be look at something like packet shaping. It's own problems entailed.
|
If you are the administrator, which it sound like you are, you could tell the person that Kazaa traffic is prohibited. If the person continues, write a rule in iptables to block the person from the web by ip address. Other than that, I think kazaa has become too smart for us. Good luck.
|
To support blocking I found (can't remember where tho) this Snort rule somewhere. Seems KaZaAv2 first does some UPD packeting out:
alert udp $HOME_NET 1109 -> $EXTERNAL_NET any (msg:"MISC UDP KaZaA v2 traffic"; content:"KaZaA"; classtype: misc-traffic; sid:pick_one; rev:1) If it doesn't get response, then it'll scan other ports to find an open one for outgoing connections. If you're running a simple Snort contrib like Guardian it shouldn't be hard to generate a blocking rule. |
Thanks, I'll take a look at Snort or Guardian.
|
All times are GMT -5. The time now is 01:51 AM. |