Denying Kazaa on PIX515UR

Unanswered Question
Nov 21st, 2002

Hi


Well, there is a policy on our network to deny Kazaa from being used. I tried to use an access list to block port 1214 and applied it on the outside interface as incoming traffic, and it did not work. Same as on the internal network. Also I found out that the Kazaa port can be changed manually.


access-list no_kazaa deny tcp any any eq 1214
access-list no_kazaa deny udp any any eq 1214


Is there any way to stop Kazaa for good? Please advise.


Wael


I am trying to do the same thing. What I found out was that Kazaa (and most P2P apps) will start out by connecting to TCP/1214 and, if it can't, it will try well-known ports like 80, which you don't want to block. About the only way to stop any type of P2P traffic is to implement a traffic-shaping device that actually examines the payload of each packet. Packeteer makes several good ones that are used by a lot of major universities. Check out: http://www.packeteer.com/


-bhaase

gfullage (Cisco Employee) Thu, 11/21/2002 - 16:16

If you applied this inbound on your outside interface, then it's probably not doing anything because you've specified the port number as the destination port; I would think that as traffic comes back in from the Kazaa server, 1214 will be the source port. But keep in mind that if Kazaa can't get through on port 1214, it will then try ports 80 and 8080, which makes this ACL pretty useless and virtually impossible to properly block, also considering that you can easily change the port number it uses anyway. I would do the following:


access-list no_kazaa deny tcp any any eq 1214
access-list no_kazaa deny udp any any eq 1214
access-list no_kazaa deny ip any 213.248.112.0 255.255.255.0
access-list no_kazaa permit ip any any
access-group no_kazaa in interface inside


The 213.248.112.0/24 network is where all the Kazaa servers reside, so even if it starts using a new port, access to be able to search for anything will be stopped. No guarantees that this won't change in the future though, so you'll need to keep an eye on your users.


There's a good web page for blocking all the P2P stuff here (http://testweb.oofle.com/filesharing/index.htm).
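To make the two points in this thread concrete (why an ACL keyed on destination port 1214 never matches the return traffic when applied inbound on the outside interface, and what the inside-interface ACL above does and does not catch), here is a small first-match ACL evaluator. It is an added example written for this page, not Cisco code and not anything the posters supplied; the client and peer addresses and the ephemeral source ports are constructed sample values. It goes slightly beyond the thread by also showing the caveat that a direct connection to a peer outside the 213.248.112.0/24 range on some other port is still permitted by this ACL, which is why the last line of the answer above says to keep watching.

```python
"""Toy first-match ACL evaluator modelling the PIX rules from this thread.

Added illustration for this forum page; not Cisco code and not the posters' own.
Addresses and ports in the sample flows are constructed, not real hosts.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    proto: str    # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                                # "permit" or "deny"
    proto: str                                 # "ip" matches tcp and udp alike
    dst_net: Optional[Tuple[str, str]] = None  # (network, mask); None means any
    dport: Optional[int] = None                # None means any destination port


def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def in_net(ip: str, net: str, mask: str) -> bool:
    m = ip_to_int(mask)
    return ip_to_int(ip) & m == ip_to_int(net) & m


def matches(rule: Rule, flow: Flow) -> bool:
    """One access-list entry against one packet; only fields the thread uses."""
    if rule.proto != "ip" and rule.proto != flow.proto:
        return False
    if rule.dst_net is not None and not in_net(flow.dst, *rule.dst_net):
        return False
    if rule.dport is not None and flow.dport != rule.dport:
        return False
    return True


def evaluate(acl: List[Rule], flow: Flow) -> str:
    """First matching entry wins; an access list ends with an implicit deny."""
    for rule in acl:
        if matches(rule, flow):
            return rule.action
    return "deny"


def hits_any_entry(acl: List[Rule], flow: Flow) -> bool:
    """Does any entry of the ACL match this packet at all?"""
    return any(matches(r, flow) for r in acl)


# gfullage's ACL, applied inbound on the inside interface (client -> Internet).
NO_KAZAA = [
    Rule("deny", "tcp", dport=1214),
    Rule("deny", "udp", dport=1214),
    Rule("deny", "ip", dst_net=("213.248.112.0", "255.255.255.0")),
    Rule("permit", "ip"),
]

# The asker's original two entries, which were applied inbound on outside.
ORIGINAL_OUTSIDE_IN = [
    Rule("deny", "tcp", dport=1214),
    Rule("deny", "udp", dport=1214),
]

# Constructed sample flows (assumed inside client 10.1.1.5, assumed peer IPs).
KAZAA_DEFAULT = Flow("tcp", "10.1.1.5", 3344, "213.248.112.10", 1214)
KAZAA_ON_80 = Flow("tcp", "10.1.1.5", 3345, "213.248.112.10", 80)
NORMAL_WEB = Flow("tcp", "10.1.1.5", 3346, "198.51.100.7", 80)
PEER_RANDOM = Flow("tcp", "10.1.1.5", 3347, "203.0.113.9", 6000)
# The reply to KAZAA_DEFAULT as seen inbound on outside: 1214 is now the SOURCE port.
RETURN_PKT = Flow("tcp", "213.248.112.10", 1214, "10.1.1.5", 3344)


if __name__ == "__main__":
    for name, flow in [("kazaa default port", KAZAA_DEFAULT),
                       ("kazaa server on 80", KAZAA_ON_80),
                       ("ordinary web", NORMAL_WEB),
                       ("peer outside the /24", PEER_RANDOM)]:
        print(f"{name:22s} inside-in ACL -> {evaluate(NO_KAZAA, flow)}")
    print("return packet matched by the outside-in ACL:",
          hits_any_entry(ORIGINAL_OUTSIDE_IN, RETURN_PKT))
```

Running it shows the inside-interface ACL denying both the default-port and the port-80 connection to the 213.248.112.0/24 servers while permitting ordinary web traffic, and shows that the asker's outside-inbound entries never match the reply packet because its destination port is the client's ephemeral port, not 1214. The permitted "peer outside the /24" flow is the residual gap any port- or address-based rule leaves, which is the reason the first reply points at payload inspection instead.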
