[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kazza problems



Even if i did block all outgoing and opened the once i needed the kazaa
would find its way out. I heared that i would go to port 80 and try there.
So i think no matter what pf rule i write i would find its way out.
----- Original Message -----
From: "Jason Dixon" <jasondixon@myrealbox.com>
To: "PF Mailing List" <pf@benzedrine.cx>
Sent: Saturday, February 22, 2003 4:43 PM
Subject: Re: Kazza problems
On Sat, 2003-02-22 at 09:52, Danny Kjærgaard wrote:
> Hi
>
>
> I im trying to block out kazaa, i did some research on the net and i sound
like it cant be done. I just wantede to hear if some of you guys have a
solution that works.
>
> I blocked the tcp port 1214. But that doesnt work. And like i read in my
search kazaa will do port jumps and end up using an other port.
>
> If some of you have a idea or anything on block og limiting kazaa pleas
post.
Rather than attempting to block a few troublesome ports, why not block
all outgoing and only allow certain services (http, pop3, smtp, etc).
Not only does this [hopefully] solve your problem, but it will help to
discover unwanted traffic (worms, trojans, etc) that you might not
normally detect.
Keep in mind, however, that given enough time/effort/ingenuity, a
motivated individual can bypass your outbound limitations via various
tunneling methods.  Software like Kazaa is notoriously good at finding
open holes.  Another good alternative that's been discussed on the misc@
list recently is using authpf.
As Bob Beck put it:
'Authpf is the technical means to make it a social solution. Authpf
works because they know they'll be held accountable for what they do if
it becomes a problem, and it doesn't matter *how* they do it. Thinking
like a "let's block stuff" firewall administrator does not solve the
root of the problem.'
-J.