LinuxQuestions.org


markng 06-25-2003 10:21 AM

Blocking Kazaa with Iptables, Anyone?
 
Hi guys,

I'm running IP MASQ on a RH8 box. All my attempts to block Kazaa have failed. I've tried blocking IP addresses and ports but to no avail. Even with default policies set to REJECT, the PCs behind the box can still download with Kazaa.

Is there anything I can do? Any help is greatly appreciated.

Thanks in advance!

nakkaya 06-25-2003 03:50 PM

They may be using a tunneling program.

emence 06-25-2003 03:54 PM

Have you looked into using squid and running a proxy? That would not allow them to use Kazaa or IMesh or any of the other software sharing tools. For future reference, I believe Kazaa runs on port 1024; have you rejected all traffic on that port? If so, I think Kazaa then uses port 80 as a backup.

markng 06-25-2003 07:13 PM

emence : How would squid help in disabling Kazaa? I only use squid as a cache to 'boost' browsing speeds. Care to elaborate or point me in the right direction?

Thanks a million.

unSpawn 06-25-2003 08:10 PM

The old KaZaA v1 uses TCP/1214, but v2 will scan other ports, not only 80 IIRC, to get a connection. I think it might show if you use LOG targets, then you should see KaZaA pick other ports each time you put in a port block.

Catching someone using v2 seems possible (with Snort) because transfer packets contain "X-KaZaA" and/or "KaZaA" strings (UDP/1109 ?) and/or hashed GET requests ("GET /hash=someValue").

You could ngrep any in/outbound traffic on any port for the strings mentioned. If it works, install Snort and fix up the sigs with flex_resp or use a 3rd party app like Guardian, or use iptables string match (experimental AFAIK), or use a logwatch or equiv.
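The content-matching idea from the post above, as an added example that is not part of the original thread: it checks payloads for the three strings unSpawn names on any port and compares that with a plain block on TCP/1214. The flows, the `X-KaZaA-Test` header, the port 3531 and the case-insensitive matching are constructed assumptions for illustration.

```python
"""Port-independent content matching for the strings named in the post.
All flows below are constructed sample data, not captured traffic."""

# Signatures taken from the post; case-insensitive matching is an assumption.
SIGNATURES = {
    "x-kazaa-header": b"x-kazaa",
    "kazaa-string": b"kazaa",
    "hashed-get": b"get /hash=",
}

BLOCKED_PORTS = {1214}  # the KaZaA v1 port mentioned in the post


def match_signatures(payload: bytes) -> list[str]:
    """Return the names of all signatures found anywhere in a payload."""
    lowered = payload.lower()
    return [name for name, needle in SIGNATURES.items() if needle in lowered]


def port_rule_hits(flow: dict) -> bool:
    """Model of a plain port block: it only looks at the destination port."""
    return flow["dport"] in BLOCKED_PORTS


def classify(flows: list[dict]) -> list[dict]:
    """Give the port-based and content-based verdict for each flow."""
    return [
        {
            "dport": flow["dport"],
            "port_rule": port_rule_hits(flow),
            "content": match_signatures(flow["payload"]),
        }
        for flow in flows
    ]


# Constructed request, retried on different ports the way the post describes.
P2P_REQUEST = b"GET /hash=0123abcd HTTP/1.1\r\nX-KaZaA-Test: 1\r\n\r\n"
WEB_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"
SAMPLE_FLOWS = [
    {"dport": 1214, "payload": P2P_REQUEST},
    {"dport": 80, "payload": P2P_REQUEST},
    {"dport": 3531, "payload": P2P_REQUEST},
    {"dport": 80, "payload": WEB_REQUEST},
]

if __name__ == "__main__":
    for row in classify(SAMPLE_FLOWS):
        print(row)
```

The bare `kazaa` string also matches ordinary web pages that mention the name, so it is better suited to logging than to dropping traffic. None of the signatures can match inside an encrypted tunnel.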

emence 06-26-2003 09:30 AM

Well, if you had a separate box using squid which then pointed to the gateway, it would eliminate anyone using your linux "router" and bypassing iptables with a tunneling program. For example, your net is 192.168.1.xxx, your squid is 192.168.6.253 and the gateway is 192.168.6.254; point everyone's browser and gateway to 253, that way they will not be able to use Kazaa or any other filesharing prog.

markng 06-27-2003 06:35 PM

emence : Sorry, I don't get you. So you're saying that I should set everyone's gateway to a box running squid and my squid box gateway set to the linux box running IP MASQ. Erm... how would this stop Kazaa? I apologize for sounding silly. Appreciate if you can elaborate.

Thanks.


All times are GMT -5.