LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 06-25-2003, 11:21 AM   #1
markng
LQ Newbie
 
Registered: Jan 2002
Posts: 19

Rep: Reputation: 0
Blocking Kazaa with Iptables, Anyone?


Hi guys,

I'm running IP MASQ on a RH8 box. All my attempts to block Kazaa has failed. I've tried blocking IP addresses and ports but to no avail. Even with default policies set to REJECT, the PC's behind the box can still download with Kazaa.

Is there anything I can do? Any help is greatly appreciated.

Thanks in advance!
 
Old 06-25-2003, 04:50 PM   #2
nakkaya
Guru
 
Registered: Jan 2003
Location: Turkey&USA
Distribution: Emacs and linux is its device driver(Slackware,redhat)
Posts: 1,398

Rep: Reputation: 45
they may be using a tunneling programm
 
Old 06-25-2003, 04:54 PM   #3
emence
Member
 
Registered: Jun 2003
Location: Springfield, MO
Distribution: RedHat/Slackware
Posts: 81

Rep: Reputation: 15
Have you looked into using squid and running a proxy, that would not aloow them to use Kazaa or IMesh or any of the other software sharing tools. For foture reference, I believe Kazaa runs on port 1024, have you rejected all traffic on that port?? If so, I think kazaa then uses port 80 as a backup.
 
Old 06-25-2003, 08:13 PM   #4
markng
LQ Newbie
 
Registered: Jan 2002
Posts: 19

Original Poster
Rep: Reputation: 0
emence : How would squid help in disabling Kazaa? I only use squid as a cache to 'boost' browsing speeds. Care to elaborate or point me in the right direction?

Thanks a million.
 
Old 06-25-2003, 09:10 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,688
Blog Entries: 54

Rep: Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955
The old KaZaA v1 uses TCP/1214, but v2 will scan other ports, not only 80 IIRC, to get a connection. I think it might show if you use LOG targets, then you should see KaZaA pick other ports each time you put in a port block.

Catching someone using v2 seems possible (with Snort) because transfer packets contain "X-KaZaA" and/or "KaZaA" strings (UDP/1109 ?) and/or hashed GET requests ("GET /hash=someValue").

You could ngrep any in/outbound traffic on any port for the strings mentioned. If it works install Snort and fix up the sigs with flex_resp or use a 3rd part app like Guardian, or use iptables string match (experimental AFAIK), or use a logwatch or equiv.
 
Old 06-26-2003, 10:30 AM   #6
emence
Member
 
Registered: Jun 2003
Location: Springfield, MO
Distribution: RedHat/Slackware
Posts: 81

Rep: Reputation: 15
Well, you had a seperate box using squid which then pointed to the gateway, it would eliminate anyone using your linux "router" and bypassing iptables with a tunneling program. For example your net is 192.168.1.xxx , your squid is 192.168.6.253 and the gateway is 192.168.6.254, point everyones browser and gateway to 253 that way they will not be able to use Kazaa or any other filesharing prog.
 
Old 06-27-2003, 07:35 PM   #7
markng
LQ Newbie
 
Registered: Jan 2002
Posts: 19

Original Poster
Rep: Reputation: 0
emence : Sorry I don't get you. So you're saying that I should set everyone's gateway to a box running squid and my squid box gateway set to the linux box running IP MASQ. Erm..how would this stop Kazaa. I apologize for sounding silly. Appreciate if you can elaborate.

Thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
blocking an IP using iptables picox Linux - Security 7 12-10-2010 03:00 PM
iptables kazaa port forward Lsi Linux - Security 3 05-14-2004 11:44 PM
Blocking Traffic on a specific port (kazaa) GratePayne Linux - Security 4 05-09-2004 10:10 AM
opening kazaa and paltalk port in iptables orko Linux - Networking 15 12-02-2003 01:25 PM
Blocking Kazaa with iptables lorddecker Linux - Security 1 08-21-2003 04:30 PM


All times are GMT -5. The time now is 02:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration