I'm running IP MASQ on a RH8 box. All my attempts to block Kazaa have failed. I've tried blocking IP addresses and ports but to no avail. Even with default policies set to REJECT, the PCs behind the box can still download with Kazaa.
Is there anything I can do? Any help is greatly appreciated.
Have you looked into using squid and running a proxy? That would not allow them to use Kazaa or IMesh or any of the other software sharing tools. For future reference, I believe Kazaa runs on port 1024, have you rejected all traffic on that port? If so, I think Kazaa then uses port 80 as a backup.
The old KaZaA v1 uses TCP/1214, but v2 will scan other ports, not only 80 IIRC, to get a connection. I think it might show if you use LOG targets, then you should see KaZaA pick other ports each time you put in a port block.
Catching someone using v2 seems possible (with Snort) because transfer packets contain "X-KaZaA" and/or "KaZaA" strings (UDP/1109 ?) and/or hashed GET requests ("GET /hash=someValue").
You could ngrep any in/outbound traffic on any port for the strings mentioned. If it works, install Snort and fix up the sigs with flex_resp or use a 3rd party app like Guardian, or use iptables string match (experimental AFAIK), or use a logwatch or equiv.
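As an added example (not part of the original posts), the content-matching idea above can be compared against a port rule on sample traffic. The flows, header names, hash values and the case-insensitive match are constructed assumptions; only the "KaZaA"/"X-KaZaA" strings, the "GET /hash=" pattern and TCP/1214 come from the thread.

```python
import re

# Signatures from the thread: the "KaZaA"/"X-KaZaA" strings and hashed GET requests.
# Case-insensitive matching is an assumption made here for robustness.
SIGNATURES = {
    "kazaa-string": re.compile(rb"KaZaA", re.IGNORECASE),
    "hashed-get": re.compile(rb"^GET /hash=\S+", re.MULTILINE),
}

# Port-based rule for the old v1 client (TCP/1214), as mentioned in the thread.
BLOCKED_PORTS = {1214}

# Constructed sample flows as (destination port, payload); not captured traffic.
SAMPLE_FLOWS = [
    (1214, b"GET /hash=abc123 HTTP/1.1\r\nX-KaZaA-Username: u\r\n\r\n"),
    (80, b"GET /hash=def456 HTTP/1.1\r\nX-KaZaA-Network: n\r\n\r\n"),
    (3531, b"GET /hash=0011aa HTTP/1.1\r\nHost: 10.0.0.5\r\n\r\n"),
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]


def match_signatures(payload):
    """Return the sorted names of all signatures found in one payload."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(payload))


def classify(flows):
    """Evaluate each flow against both the port rule and the content signatures."""
    return [
        {
            "port": port,
            "port_rule": port in BLOCKED_PORTS,
            "content_hits": match_signatures(payload),
        }
        for port, payload in flows
    ]


def missed_by_port_rule(flows):
    """Ports of flows that carry a signature but slip past the port block."""
    return [
        r["port"] for r in classify(flows)
        if r["content_hits"] and not r["port_rule"]
    ]


if __name__ == "__main__":
    for row in classify(SAMPLE_FLOWS):
        print(row)
    print("missed by port rule:", missed_by_port_rule(SAMPLE_FLOWS))
```
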
Well, if you had a separate box using squid which then pointed to the gateway, it would eliminate anyone using your linux "router" and bypassing iptables with a tunneling program. For example, your net is 192.168.1.xxx, your squid is 192.168.6.253 and the gateway is 192.168.6.254; point everyone's browser and gateway to 253, that way they will not be able to use Kazaa or any other filesharing prog.
emence: Sorry, I don't get you. So you're saying that I should set everyone's gateway to a box running squid and my squid box gateway set to the linux box running IP MASQ. Erm... how would this stop Kazaa? I apologize for sounding silly. Appreciate if you can elaborate.