
Re: Kazza problems



On Sat, Feb 22, 2003 at 10:43:50AM -0500, Jason Dixon wrote:
> On Sat, 2003-02-22 at 09:52, Danny Kjærgaard wrote:
> > I am trying to block out Kazaa. I did some research on the net and it sounds like it can't be done. I just wanted to hear if some of you guys have a solution that works.
> > 
> > I blocked TCP port 1214, but that doesn't work. And like I read in my search, Kazaa will do port jumps and end up using another port.
> 
> Rather than attempting to block a few troublesome ports, why not block
> all outgoing and only allow certain services (http, pop3, smtp, etc). 
> Not only does this [hopefully] solve your problem, but it will help to
> discover unwanted traffic (worms, trojans, etc) that you might not
> normally detect.
The first port Kazaa tries after it can't get out on the default port is
:80. After that it will port hop trying to find an open port.
> Keep in mind, however, that given enough time/effort/ingenuity, a
> motivated individual can bypass your outbound limitations via various
> tunneling methods.  Software like Kazaa is notoriously good at finding
> open holes.  Another good alternative that's been discussed on the misc@
> list recently is using authpf.
Why not use application proxies that understand the protocols he wants
to let out or perhaps run Snort w/ Kazaa rules to alert on policy violation?
Chris

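Added example, not part of the original thread: a sketch of how the block log from a default-deny outbound policy can surface the behaviour described above (attempts on port 1214, port hopping, then fallback to an allowed port such as 80). The log format, the addresses, the function name review_egress and the hopping threshold are constructed assumptions, not the output of any particular firewall.

```python
import re
from collections import defaultdict

KAZAA_DEFAULT_PORT = 1214   # port named in the thread
HOP_THRESHOLD = 4           # assumed: distinct blocked ports that count as hopping

# Constructed, simplified log format: "<action> out tcp <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(r"^(block|pass) out tcp ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

SAMPLE_LOG = """\
block out tcp 192.168.1.23:3021 -> 203.0.113.5:1214
pass out tcp 192.168.1.23:3022 -> 203.0.113.5:80
pass out tcp 192.168.1.40:4100 -> 198.51.100.7:25
block out tcp 192.168.1.40:4101 -> 198.51.100.9:6667
block out tcp 192.168.1.57:2200 -> 203.0.113.8:1214
block out tcp 192.168.1.57:2201 -> 203.0.113.8:1215
block out tcp 192.168.1.57:2202 -> 203.0.113.8:3000
block out tcp 192.168.1.57:2203 -> 203.0.113.8:5190
pass out tcp 192.168.1.40:4102 -> 198.51.100.7:80
"""

def review_egress(log_text, threshold=HOP_THRESHOLD):
    """Return {src: report} for hosts whose blocked traffic looks like P2P."""
    blocked = defaultdict(set)        # src -> distinct blocked destination ports
    passed_after = defaultdict(list)  # src -> (dst, port) passed after a first block
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        action, src, dst, dport = m[1], m[2], m[3], int(m[4])
        if action == "block":
            blocked[src].add(dport)
        elif src in blocked:
            passed_after[src].append((dst, dport))
    report = {}
    for src, ports in blocked.items():
        tried_default = KAZAA_DEFAULT_PORT in ports
        hopping = len(ports) >= threshold
        if tried_default or hopping:
            report[src] = {
                "blocked_ports": sorted(ports),
                "tried_default_port": tried_default,
                "port_hopping": hopping,
                # Allowed-port traffic that a proxy or IDS still has to inspect.
                "passed_after_block": passed_after[src],
            }
    return report

if __name__ == "__main__":
    for host, details in review_egress(SAMPLE_LOG).items():
        print(host, details)
```

The first flagged host shows the gap raised in the reply: once port 80 is allowed, the port filter alone cannot tell web traffic from a client that fell back to it, which is where the application proxy or Snort rule comes in.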