LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 02-12-2003, 05:40 AM   #1
jekyl
LQ Newbie
 
Registered: Dec 2002
Location: Norway
Distribution: Debian Sid
Posts: 7

Rep: Reputation: 0
Block Kazaa2 traffic


Has anyone a good solution for blocking kazaa2 outgoing and incoming traffic? I find it very difficult since the kazaa now search for open ports and it can even use port 80.
 
Old 02-12-2003, 10:59 PM   #2
williamwbishop
Member
 
Registered: Feb 2003
Location: god's judge
Posts: 376

Rep: Reputation: 30
You're probably going to be look at something like packet shaping. It's own problems entailed.
 
Old 03-12-2003, 01:18 PM   #3
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Rep: Reputation: 46
If you are the administrator, which it sound like you are, you could tell the person that Kazaa traffic is prohibited. If the person continues, write a rule in iptables to block the person from the web by ip address. Other than that, I think kazaa has become too smart for us. Good luck.
 
Old 03-12-2003, 10:34 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,813
Blog Entries: 54

Rep: Reputation: 2988Reputation: 2988Reputation: 2988Reputation: 2988Reputation: 2988Reputation: 2988Reputation: 2988Reputation: 2988Reputation: 2988Reputation: 2988Reputation: 2988
To support blocking I found (can't remember where tho) this Snort rule somewhere. Seems KaZaAv2 first does some UPD packeting out:
alert udp $HOME_NET 1109 -> $EXTERNAL_NET any (msg:"MISC UDP KaZaA v2 traffic"; content:"KaZaA"; classtype: misc-traffic; sidick_one; rev:1)
If it doesn't get response, then it'll scan other ports to find an open one for outgoing connections. If you're running a simple Snort contrib like Guardian it shouldn't be hard to generate a blocking rule.
 
Old 03-13-2003, 04:53 AM   #5
jekyl
LQ Newbie
 
Registered: Dec 2002
Location: Norway
Distribution: Debian Sid
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks, I'll take a look at Snort or Guardian.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
possible to block msn traffic? flamesrock Linux - Software 3 05-26-2005 10:10 PM
Block outgoing traffic through router? Micro420 Linux - Networking 3 03-15-2005 08:01 AM
How can block my SMTP Traffic? krishnakishore Linux - Networking 3 06-19-2004 08:49 AM
iptables : how do I block inbound traffic from one ip address only? Apollo77 Linux - Security 7 03-22-2004 11:22 AM
Setting ip tables to block all traffic LinuxBAH Linux - Security 1 02-07-2004 07:15 AM


All times are GMT -5. The time now is 07:33 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration