Block Kazaa2 traffic

jekyl · 02-12-2003, 04:40 AM

Has anyone a good solution for blocking kazaa2 outgoing and incoming traffic? I find it very difficult since the kazaa now search for open ports and it can even use port 80.

williamwbishop · 02-12-2003, 09:59 PM

You're probably going to be look at something like packet shaping. It's own problems entailed.

Pcghost · 03-12-2003, 12:18 PM

If you are the administrator, which it sound like you are, you could tell the person that Kazaa traffic is prohibited. If the person continues, write a rule in iptables to block the person from the web by ip address. Other than that, I think kazaa has become too smart for us. Good luck.

unSpawn · 03-12-2003, 09:34 PM

To support blocking I found (can't remember where tho) this Snort rule somewhere. Seems KaZaAv2 first does some UPD packeting out:
alert udp $HOME_NET 1109 -> $EXTERNAL_NET any (msg:"MISC UDP KaZaA v2 traffic"; content:"KaZaA"; classtype: misc-traffic; sid

ick_one; rev:1)
If it doesn't get response, then it'll scan other ports to find an open one for outgoing connections. If you're running a simple Snort contrib like Guardian it shouldn't be hard to generate a blocking rule.

jekyl · 03-13-2003, 03:53 AM

Thanks, I'll take a look at Snort or Guardian.