Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
I'm running IP MASQ on a RH8 box. All my attempts to block Kazaa have failed. I've tried blocking IP addresses and ports but to no avail. Even with default policies set to REJECT, the PCs behind the box can still download with Kazaa.
Is there anything I can do? Any help is greatly appreciated.
Have you looked into using squid and running a proxy? That would not allow them to use Kazaa or IMesh or any of the other software sharing tools. For future reference, I believe Kazaa runs on port 1024, have you rejected all traffic on that port? If so, I think Kazaa then uses port 80 as a backup.
emence : How would squid help in disabling Kazaa? I only use squid as a cache to 'boost' browsing speeds. Care to elaborate or point me in the right direction?
The old KaZaA v1 uses TCP/1214, but v2 will scan other ports, not only 80 IIRC, to get a connection. I think it might show if you use LOG targets, then you should see KaZaA pick other ports each time you put in a port block.
Catching someone using v2 seems possible (with Snort) because transfer packets contain "X-KaZaA" and/or "KaZaA" strings (UDP/1109 ?) and/or hashed GET requests ("GET /hash=someValue").
You could ngrep any in/outbound traffic on any port for the strings mentioned. If it works, install Snort and fix up the sigs with flex_resp or use a 3rd party app like Guardian, or use iptables string match (experimental AFAIK), or use a logwatch or equiv.
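The content match suggested in the post above, sketched as an added example that is not part of the original thread: it flags internal hosts by the payload strings the post names, whatever port they appear on. The packet records, header values and signature names are constructed for illustration.

```python
import re
from collections import defaultdict

# Payload markers named in the post above. Matching is on content only, never
# on port, because a port block just makes the v2 client pick another port.
SIGNATURES = {
    "x-kazaa-header": re.compile(rb"X-KaZaA"),
    "kazaa-string": re.compile(rb"(?<!X-)KaZaA"),  # bare string, not the header
    "hashed-get": re.compile(rb"^GET /hash=\S+", re.MULTILINE),
}

# Constructed sample records: (internal source IP, destination port, payload).
SAMPLE_PACKETS = [
    ("192.168.1.10", 1214, b"GET /hash=0123abcd HTTP/1.1\r\nHost: peer\r\n\r\n"),
    ("192.168.1.10", 80, b"GET /hash=4567ef01 HTTP/1.1\r\nX-KaZaA: constructed\r\n\r\n"),
    ("192.168.1.11", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    ("192.168.1.12", 3531, b"HTTP/1.1 200 OK\r\nServer: KaZaAClient\r\n\r\n"),
    ("192.168.1.11", 80, b"GET /search?hash=abc HTTP/1.1\r\n\r\n"),
]


def match_payload(payload: bytes) -> list[str]:
    """Return the sorted names of all signatures found in one payload."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(payload))


def summarize(packets):
    """Group hits per internal host: which ports were used, which strings hit."""
    hosts = defaultdict(lambda: {"ports": set(), "signatures": set()})
    for src, dport, payload in packets:
        hits = match_payload(payload)
        if hits:
            hosts[src]["ports"].add(dport)
            hosts[src]["signatures"].update(hits)
    return dict(hosts)


if __name__ == "__main__":
    for host, info in sorted(summarize(SAMPLE_PACKETS).items()):
        print(host, sorted(info["ports"]), sorted(info["signatures"]))
```

A host that shows hits on several destination ports, as 192.168.1.10 does in the sample, is the port-hopping pattern the post describes.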
Well, if you had a separate box using squid which then pointed to the gateway, it would eliminate anyone using your linux "router" and bypassing iptables with a tunneling program. For example your net is 192.168.1.xxx, your squid is 192.168.6.253 and the gateway is 192.168.6.254; point everyone's browser and gateway to 253, that way they will not be able to use Kazaa or any other filesharing prog.
emence : Sorry I don't get you. So you're saying that I should set everyone's gateway to a box running squid and my squid box gateway set to the linux box running IP MASQ. Erm.. how would this stop Kazaa? I apologize for sounding silly. Appreciate if you can elaborate.