[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: blocking new version of kazaa

To: <nick@holland-consulting.net>, <misc@openbsd.org>
Subject: Re: blocking new version of kazaa
From: "Oliver Bode" <oliver@x509security.com>
Date: Sun, 31 Aug 2003 10:31:12 +1000

This weekend I attempted to follow the advise on dns poisining to block
Kazaa.... Well I actually used the 8 minute approach provided later in the
thread by Oblek which I suspected does the same thing.
http://archives.neohapsis.com/archives/openbsd/2003-07/2302.html

It works fine for the web, but I use dansguardian proxy to filter anyway.
Kazaa Lite doesn't use port 53 so I don't think this approach works? What
resolved the problem with Kazaa Lite for me was the following:
http://www.computing.net/networking/wwwboard/forum/14828.html

The PF rule that kills Kazaa Lite on my local interface is:

block in quick on $PrvIF inet proto { tcp, udp } from $PrivateIPs to any port
{ 80, 1000 >< 4000 }

Unfortunately this rule kills the web too so you have to use a web proxy on a
different port.

At the end of the experiment I came to the conclusion that it is virtually
impossible to prevent this type of activity altogether. The closest I think
you can come is by enforcing a strict firewall that only allows certain
services and blocks everything else and strict organisational policies which
support it.

Oliver

Follow-Ups:
- Re: blocking new version of kazaa
  - From: "Brian W." <bri@sonicboom.org>
- Re: blocking new version of kazaa
  - From: Jochem Kossen <j.kossen@home.nl>

Prev by Date: Re: LFS (was: New FSs in 3.4?)
Next by Date: Re: blocking new version of kazaa
Prev by thread: Re: blocking new version of kazaa
Next by thread: Re: blocking new version of kazaa
Index(es):
- Date
- Thread