-
August 20th, 2003, 10:19 AM
#1
Member
-
August 20th, 2003, 10:29 AM
#2
Yes,
Kazaa places peer info in a registry key. This means that anything you try with a firewall will ultimately fail in blocking the traffic. The *only* way that I have been able to block this traffic has been with Websense (http://www.websense.com). The problem here is that Websense costs a few bucks and requires at least two beefy servers.
Other than that, restricting installation of software on the workstation would be your last resort.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
August 20th, 2003, 10:38 AM
#3
Kazaa also sends out its initial SYN on port 1214. Upon failure it switches down to 80 I believe which you can't block. However if you have your firewall alert you on port 1214 connections then you can determine which computer and then deal appropriately with the keyboard to seat interface, (the (L)user)...... It works for me..... only had one attempt...... then the word went out..... "Tiger Shark gets real pissy if you......." <snikker>
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
August 20th, 2003, 10:39 AM
#4
-
August 20th, 2003, 11:12 AM
#5
Yes, we too employ the "deskside visit". The word does spread and we do see far fewer attempts, however, I deal with 10k users so there is always some clown who thinks he can beat the system - how sadly mistaken they are.
Anyway, the predefined peers in the registry key, to date, have not been posted here on AO. I looked at the key briefly and it wasn't as simple as a list in a REG_SZ key. The Kazaa key is a binary entry, which after looking at it, is nothing more than crypto babble (on the surface of course). So the answer is, to date, no one here knows exactly what peers are listed statically or if there is some type of calculation that is performed to come up with a peer.
Again, you'll need a solution at your gateway which is able to block specific protocols, you'll need to set triggers in whatever you use to monitor firewall logs (or IDS logs) or you have to prevent users from installing software on the workstations (via group policy or local security policy). That about sums it up.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
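The log trigger mentioned in posts #3 and #5, as an added example that is not part of the thread: it scans firewall logs for outbound initial SYNs to TCP 1214 and reports which internal host sent them. The Linux netfilter LOG line format, the 10.0.0.0/8 internal range and the sample lines are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

KAZAA_PORT = "1214"  # port named in the thread
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the site's LAN range

# Constructed sample lines in Linux netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
Aug 20 10:31:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=203.0.113.7 PROTO=TCP SPT=1044 DPT=1214 SYN URGP=0
Aug 20 10:31:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.4.23 DST=198.51.100.9 PROTO=TCP SPT=1045 DPT=1214 SYN URGP=0
Aug 20 10:31:06 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.7.80 DST=192.0.2.10 PROTO=TCP SPT=1102 DPT=80 SYN URGP=0
Aug 20 10:31:07 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=10.1.4.23 PROTO=TCP SPT=1214 DPT=1044 ACK SYN URGP=0
Aug 20 10:32:40 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.50 DST=10.1.2.2 PROTO=TCP SPT=3001 DPT=1214 SYN URGP=0
Aug 20 10:40:11 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.12.200 DST=203.0.113.7 PROTO=TCP SPT=2210 DPT=1214 SYN URGP=0
Aug 20 10:41:00 fw sshd[311]: session opened for user root
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Split one LOG line into (timestamp, key=value fields, bare TCP flags)."""
    head, sep, body = line.partition(" kernel: ")
    if not sep:
        return None  # not a netfilter line
    timestamp = " ".join(head.split()[:3])
    flags = {tok for tok in body.split() if tok in {"SYN", "ACK", "RST", "FIN"}}
    return timestamp, dict(FIELD_RE.findall(body)), flags

def hosts_trying_1214(log_text):
    """Map each internal source IP to its outbound initial-SYN attempts on TCP 1214."""
    report = defaultdict(lambda: {"attempts": 0, "first": None, "last": None, "peers": set()})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        timestamp, f, flags = parsed
        if f.get("PROTO") != "TCP" or f.get("DPT") != KAZAA_PORT or flags != {"SYN"}:
            continue  # keep only the initial SYN towards port 1214
        try:
            if ipaddress.ip_address(f.get("SRC", "")) not in INTERNAL:
                continue  # inbound probes are a different problem
        except ValueError:
            continue  # malformed SRC field
        entry = report[f["SRC"]]
        entry["attempts"] += 1
        entry["first"] = entry["first"] or timestamp
        entry["last"] = timestamp
        entry["peers"].add(f.get("DST"))
    return dict(report)
```

Per post #3 the client moves to port 80 once 1214 fails, so a report like this only catches the first attempt from each host.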
-
August 20th, 2003, 12:26 PM
#6
The option which springs to mind, aside from using things like "Layer 7 packet classifier"
http://l7-filter.sourceforge.net/
Or commercial alternatives, would be:
- Set up a transparent proxy
- Discover what URL patterns Kazaa uses
- Add rules to the proxy configuration to block requests for URL patterns known to be used by Kazaa
- Block all outgoing connections not going through the transparent proxy
Slarty
-
August 20th, 2003, 12:34 PM
#7
Member
Argh! And I thought I was going to be able to relax today... Oh well... Time to get at it. I'll play with it and let you know what I come up with. Thanx for the ideas.
Rev
Many will ask, "Where do you want to go today?" because they're still scratching for ideas.
With *NIX, there's already a way. The sum of us just need roadmaps to get there.
-
August 20th, 2003, 01:46 PM
#8
Jazz: If you come up with a workable, "generic" fix for Kazaa I would be interested in seeing your solution..... I don't have a problem with it but I would like to stop it period rather than have to wander down to someone's desk and hurt my hand on the side of their head.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
August 20th, 2003, 01:56 PM
#9
Muhwahahahaa! Isn't the act of showing up with a perma-scowl on your face part of the fun of being a network nazi??!! Well, that's what we've been labeled as anyway...
We built rules based on Kazaa traffic patterns but it seems that each new release of Kazaa comes with distinct changes in how it interoperates with other peers. We got tired of chasing end users around and coming up with reliable rulesets so we installed Websense and have had no issues to date even with the new releases of Kazaa.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
August 20th, 2003, 02:15 PM
#10
Originally posted here by thehorse13
Muhwahahahaa! Isn't the act of showing up with a perma-scowl on your face part of the fun of being a network nazi??!! Well, that's what we've been labeled as anyway...
Look Hoss..... I'm knocking on a bit now...... The perma-scowl is perma through so many years of it being there and I'm getting arthritis from too many nights out crawling through cold, wet mud to make a living...... So..... Anything I can do to preserve this stunning body of mine I will.......
We built rules based on Kazaa traffic patterns but it seems that each new release of Kazaa comes with distinct changes in how it interoperates with other peers. We got tired of chasing end users around and coming up with reliable rulesets so we installed Websense and have had no issues to date even with the new releases of Kazaa.
Yeah.... and the more the RIAA/MPAA screw with the system the harder this is going to be to detect let alone stop..... They are really shooting themselves in the foot by making it consistently harder for us nice, law-abiding sysadmins from helping them to minimize the traffic......
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides