Blocking Kazaa Connections - Page 2

Thread: Blocking Kazaa Connections

  1. #11
    Member
    Join Date
    May 2002
    Posts
    82
    Bad newx, Tiger...

    There just ain't no way to do it without setting up a major proxy service, and my poor 300MHz gateway just don't got the juice to manhandle it (without causing a serious bottleneck problem)...

    At any rate, if you're interested in knowing, you CAN use a proxy service that will scan the contents of each passing packet, and drop the kazaa junk... But like I said, it weighs heavy on the heart... (and it's a real arse to set up, too... )

    From where I'm sitting, it's just not worth the trouble... I'll just start kicking butt...

    Thankx for the helpz

    Rev
    Many will ask, "Where do you want to go today?" because they're still scratching for ideas.

    With *NIX, there's already a way. The sum of us just need roadmaps to get there.

  2. #12
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    We take about three different tacks on this. KaZaa, Morpheus and other P2P systems must execute, so we can grab a signature from the executable and add it to our Key server (license keys) and award that signature a grand total of zero, zip, nada licenses. Renaming the executable doesn't defeat this. Of course, you have to have all the signatures for all the different versions.

    We also add the executable name (and/or the installer package name) to the "do not run" list in AD. That has limited effectiveness.

    Otherwise, we monitor bandwidth at the router. The P2Ps have a "signature" that we can identify quickly. Kinda like the spikes for SETI@Home. P2P's start taking a percentage of the available pipe, and hold it at that level. Sniff the packets and find the offender. Nail the turkey to the wall and watch 'im or 'er squirm.

    Oh, yeah, make sure you have a copy of the corporate AUP (acceptable use policy) that indicates those activities which result in termination. :-)
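
The bandwidth "signature" described in post #12 (a host takes a share of the pipe and holds it there, unlike a short spike) can be checked against per-host rate samples from the router. This is an added example, not part of the original post; the link capacity, thresholds and sample rates are constructed assumptions.

```python
from statistics import mean, pstdev

PIPE_BPS = 1_000_000  # constructed uplink capacity, bits per second

# Constructed per-host rates (bits/s), one value per router polling interval.
SAMPLES = {
    "10.0.0.23": [300000, 310000, 295000, 305000, 300000, 298000, 302000, 307000],  # holds a level
    "10.0.0.41": [50000, 900000, 60000, 40000, 850000, 30000, 20000, 700000],       # short spikes
    "10.0.0.77": [600000, 260000, 900000, 270000, 800000, 255000, 700000, 300000],  # busy but erratic
}


def find_plateaus(samples, pipe_bps=PIPE_BPS, min_share=0.25, max_cv=0.15, window=6):
    """Return {host: {"start": index, "share": fraction}} for hosts that
    hold a steady slice of the pipe for `window` consecutive intervals.

    min_share: lowest fraction of the pipe that counts (assumed threshold).
    max_cv:    highest coefficient of variation (stdev / mean) still treated
               as "held at that level" (assumed threshold).
    """
    floor = pipe_bps * min_share
    flagged = {}
    for host, rates in samples.items():
        for i in range(len(rates) - window + 1):
            w = rates[i:i + window]
            if min(w) < floor:
                continue  # dipped below the share threshold: a spike, not a hold
            avg = mean(w)
            if pstdev(w) / avg <= max_cv:  # flat enough to count as a plateau
                flagged[host] = {"start": i, "share": round(avg / pipe_bps, 2)}
                break  # first qualifying window is enough to flag the host
    return flagged


if __name__ == "__main__":
    for host, hit in find_plateaus(SAMPLES).items():
        print(f"{host}: ~{hit['share']:.0%} of the pipe held from interval {hit['start']}")
```

A flagged host is only a lead: a long steady transfer such as a backup produces the same shape, so the packet capture mentioned in the post is still the confirming step.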

  3. #13

  4. #14
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    This may be overly simplistic, but how about a little app that detects when Kazaa starts up, then immediately shuts down the system, or beeps incessantly, or just blacks out the screen until a combination of keys is pressed....

  5. #15
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    On the cheap you can get the PsTools kit from Sysinternals

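    bastard.bat
    ---------------------------
    @echo off
    rem Start with empty output files
    echo. >stations.txt
    echo. >running.txt
    echo. >results.txt
    rem Keep only the \\COMPUTER lines from net view (drops the header and status lines)
    net view | find "\\" >>stations.txt
    rem List the process tree on every station found
    for /F "tokens=1" %%X in (stations.txt) do pslist -t %%X >>running.txt
    rem Count the lines that mention kazaa (case-insensitive)
    find /I /C "kazaa" running.txt >>results.txt
    notepad results.txt
    ---------------------------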


    if you get a number in results.txt open running.txt and do a find for kazaa to see who it is

    or you could use fscan (foundstone) instead of pslist if it's not an nt network

    fscan -bp 80,1214 10.0.0.1-10.0.1.200 >>running.txt

    what i like to do is open a terminal using psexec \\station -s cmd and rename all the dlls in the kazaa folder D one one, net send 127.0.0.1 file sharing is against company policy, then pskill \\station kazaa although I'd like to say I've been lucky because I've only come across one instance of bear share, but i get a charge out of doing this with IMs which i get a lot of
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #16
    Member
    Join Date
    May 2002
    Posts
    82
    Tedob... I thought about implementing something like that where I have a doze box set up on a spare port just for this sort of thing, but I'd rather not ($$$)... Besides... I prefer the idea of traffic control rather than remote application control (I'm against any type of wide-open, backdoor service like that - "justified" or not... It's simply bad practice from a security standpoint...)

    Besides the potential security mess... It doesn't take a lot of brain to figure out ways around it. I'd rather have the WinIdiots come to me asking me why they can't get any traffic through... If I lock down their system after they installed/ran an app under a "nazi" environment, they'll know they've messed up and it's the Clinton dance all over again... I say, "Build the filter... They will come..."


    Seabass...

    Yer my new hero... That's the kind of thing that keeps me coming back for more... I can't believe I never came across the link... Now if I can just figure out how to get it setup on OpenBSD, I'll be good to go...

    Thanx, all. Been real...

    Rev

  7. #17
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    agreed this is nowhere near as good as what you're talking about but i would like to point out that if you're running an nt network you're already wide open for these kind of tools. they use WMI and are not backdoors but run from your computer. there's nothing needed on the workstation side but nt. and as far as finding ways around it...they don't even know what's happening... i want them to know they're being watched

  8. #18
    Junior Member
    Join Date
    Jul 2003
    Posts
    28
    Rev: There's another way to do it using iptables string matching. I've just started messing with it. Similar stuff (above layer 3) has been discussed earlier in this thread.

    Seabass

  9. #19
    Member
    Join Date
    May 2002
    Posts
    82
    hmmm....

    I agree with you on the point that any NT environment (doze environment) is wide open... My point is that WMI is just MS' proprietary name for a backdoor client (NT, XP, etc... are backdoors in and of themselves, but I hope we can simply agree to disagree here if nothing else). I'm too *NIX to care, anyway ...

    I just don't want to have to use MS as a temporary solution... It's too expensive and it's against my religion...

    I'm going to play with p2pwall and see what I can come up with... I'll let you all know how it turns out.

    Thanx again for the inputs.

    Cheers,

    Rev

  10. #20
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    I'm sorry if i sounded disagreeable, wasn't meant that way. i just didn't want you to think i was suggesting trojaning your workstations :] mr bill has already done a fine job of that!
