[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kazza problems

On Sat, 2003-02-22 at 09:52, Danny Kjærgaard wrote:
> Hi
> I im trying to block out kazaa, i did some research on the net and i sound like it cant be done. I just wantede to hear if some of you guys have a solution that works. 
> I blocked the tcp port 1214. But that doesnt work. And like i read in my search kazaa will do port jumps and end up using an other port.
> If some of you have a idea or anything on block og limiting kazaa pleas post.
Rather than attempting to block a few troublesome ports, why not block
all outgoing and only allow certain services (http, pop3, smtp, etc). 
Not only does this [hopefully] solve your problem, but it will help to
discover unwanted traffic (worms, trojans, etc) that you might not
normally detect.
Keep in mind, however, that given enough time/effort/ingenuity, a
motivated individual can bypass your outbound limitations via various
tunneling methods.  Software like Kazaa is notoriously good at finding
open holes.  Another good alternative that's been discussed on the misc@
list recently is using authpf.
As Bob Beck put it:
'Authpf is the technical means to make it a social solution. Authpf
works because they know they'll be held accountable for what they do if
it becomes a problem, and it doesn't matter *how* they do it. Thinking
like a "let's block stuff" firewall administrator does not solve the
root of the problem.'