How to block KaZaA

How to block KaZaA

Post by Arno Pijnappel » Fri, 17 Jan 2003 18:42:41



Hello,

I tried to block kazaa traffic in our firewall, which includes closing down
all traffic on port 1214, also I closed all connections to the following
IP's 213.248.112.0/24 and 206.142.53.0/24. But this all has no effect.
Furthermore I read that the newer versions of p2p software are made for
bypassing firewalls and connect on port 80 if 1214 not works.
It's not an option to simply block all port 80 traffic because we do want
"free browse access" to websites for our employers.

Anyone who can help?

Regards,

Arno

 
 
 

How to block KaZaA

Post by mh » Fri, 17 Jan 2003 19:41:24


you could get a site blocker such as Adadware and put the site in there?


Quote:> Hello,

> I tried to block kazaa traffic in our firewall, which includes closing
down
> all traffic on port 1214, also I closed all connections to the following
> IP's 213.248.112.0/24 and 206.142.53.0/24. But this all has no effect.
> Furthermore I read that the newer versions of p2p software are made for
> bypassing firewalls and connect on port 80 if 1214 not works.
> It's not an option to simply block all port 80 traffic because we do want
> "free browse access" to websites for our employers.

> Anyone who can help?

> Regards,

> Arno


 
 
 

How to block KaZaA

Post by Konfuziu » Fri, 17 Jan 2003 21:10:17


In a stripped down version of Kazaa (Kazaalite) I found only 2 different IPs
in the 'hosts' file:
127.0.0.1 for several ad-providers and
216.40.230.4 desktop.kazaa.com
216.40.230.4 alpha.kazaa.com
216.40.230.4 shop.kazaa.com
for the central kazaa.com-nodes. So I presume blocking them is sufficient. I
have not yet tried this.

HTH Konfu

 
 
 

How to block KaZaA

Post by Stupifie » Fri, 17 Jan 2003 21:24:23



Quote:> Hello,

> I tried to block kazaa traffic in our firewall, which includes closing
down
> all traffic on port 1214, also I closed all connections to the following
> IP's 213.248.112.0/24 and 206.142.53.0/24. But this all has no effect.
> Furthermore I read that the newer versions of p2p software are made for
> bypassing firewalls and connect on port 80 if 1214 not works.
> It's not an option to simply block all port 80 traffic because we do want
> "free browse access" to websites for our employers.

> Anyone who can help?

> Regards,

> Arno

New versions of kazaa can randomly pick ports.  The solution isn't
necessarily to block kazaa, it's to fire employees or punish children that
you have told NOT to use kazaa and they refuse to obey.
Also, depending on which operating system you're using, you can also put
restrictions on the users that won't allow them to run or install it, then
also block not only ftp (preventing them from downloading it) but uninstall
any copies.  Also, go to http://rr.sans.org and look at that one story of a
small network being compromised by warez type people who were using the
business' servers to store their warez and illegally-gained software.
Also, if this is a business, there's legal ramifications.  Copyright holders
can sue you if they find the stuff on your network, whether you put it there
or someone else did.  That's something to think about.
Please reply and give client operating systems so I can tell you how to
block.
 
 
 

How to block KaZaA

Post by Davi » Sat, 18 Jan 2003 07:23:22


Keep going through your firewall logs and if you can log allowed access or
get a program that does use that also. I don't use any filesharing
application so you may have get your own copy and see how it works. They
sometimes vary from version to version. If they have added a means to get
past a firewall then the connections will usually be negotiated by a server
in the middle. Find out the IP addresses or DNS names of these servers and
block them (and maybe even an entire domain) along with the standard P2P
ports.


Quote:> Hello,

> I tried to block kazaa traffic in our firewall, which includes closing
down
> all traffic on port 1214, also I closed all connections to the following
> IP's 213.248.112.0/24 and 206.142.53.0/24. But this all has no effect.
> Furthermore I read that the newer versions of p2p software are made for
> bypassing firewalls and connect on port 80 if 1214 not works.
> It's not an option to simply block all port 80 traffic because we do want
> "free browse access" to websites for our employers.

> Anyone who can help?

> Regards,

> Arno

 
 
 

How to block KaZaA

Post by Konfuziu » Sat, 18 Jan 2003 08:39:20




Quote:> In a stripped down version of Kazaa (Kazaalite) I found only 2 different
IPs
> in the 'hosts' file:
> 127.0.0.1 for several ad-providers and
> 216.40.230.4 desktop.kazaa.com
> 216.40.230.4 alpha.kazaa.com
> 216.40.230.4 shop.kazaa.com
> for the central kazaa.com-nodes. So I presume blocking them is sufficient.
I
> have not yet tried this.

> HTH Konfu

I just tried the above. It does _not_ work. After some tracking I noticed
that Kazaa tends to connect to hosts in a "last known good"-list. The ports
it connects to seem random, so you have no chance to block Kazaa using a
simple packet filter. :(
 
 
 

How to block KaZaA

Post by Davi » Sat, 18 Jan 2003 11:30:50


Last known good list!   Isn't that special!
It amazes me what these folks do.....Then again maybe it doesn't amaze me
since these programs seemed to be designed to make it easy for some to
steal.....

Quote:

> I just tried the above. It does _not_ work. After some tracking I noticed
> that Kazaa tends to connect to hosts in a "last known good"-list. The
ports
> it connects to seem random, so you have no chance to block Kazaa using a
> simple packet filter. :(