Block Kazaa2 traffic
 

Has anyone a good solution for blocking kazaa2 outgoing and incoming traffic? I find it very difficult since the kazaa now search for open ports and it can even use port 80. :rolleyes:

You're probably going to be look at something like packet shaping. It's own problems entailed.

If you are the administrator, which it sound like you are, you could tell the person that Kazaa traffic is prohibited. If the person continues, write a rule in iptables to block the person from the web by ip address. Other than that, I think kazaa has become too smart for us. Good luck.

To support blocking I found (can't remember where tho) this Snort rule somewhere. Seems KaZaAv2 first does some UPD packeting out:
alert udp $HOME_NET 1109 -> $EXTERNAL_NET any (msg:"MISC UDP KaZaA v2 traffic"; content:"KaZaA"; classtype: misc-traffic; sid:pick_one; rev:1)
If it doesn't get response, then it'll scan other ports to find an open one for outgoing connections. If you're running a simple Snort contrib like Guardian it shouldn't be hard to generate a blocking rule.

Thanks, I'll take a look at Snort or Guardian.