Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
289
Views
0
Helpful
2
Replies

Denying Kazaa on PIX515UR

wdalati
Level 1
Level 1

‎11-21-2002 12:34 AM - edited ‎03-09-2019 01:08 AM

Hi

Well there is a policy on our network to deny Kazaa from being used, i tried to use an access list to block port 1214 and applied it on the outside interface as incoming traffic and it did not work. Same as on the internal network. Also i found out that kazaa port can be changed manually.

access-list no_kazaa deny tcp any any eq 1214

access-list no_kazaa deny udp any any eq 1214

Is there any way to stop Kazaa for good? please advice.

Wael

Labels:
0 Helpful
2 Replies 2

bhaase
Level 1
Level 1

‎11-21-2002 01:23 PM

I am trying to do the same thing. What I found out was that Kazaa (and most P2P apps) will start out by connecting to TCP/1214 and if it can't it will try well-known ports like 80, which you don’t want to block. About the only way to stop any type of P2P traffic is to implement a traffic-shaping device that actually examines the payload of each packet . Packeteer makes several good ones that are used by a lot of major universities. Check out: http://www.packeteer.com/

-bhaase

0 Helpful

gfullage
Cisco Employee
Cisco Employee

‎11-21-2002 04:16 PM

If you applied this inbound on your outside interface, then it's probably not doing anything cause you've specified the port number as the destination port, I would think as traffic comes back in from the Kazaa server 1214 will be the source port. But keep in mind that if Kazaa can't get through on port 1214, it will then try port 80 and 8080, which makes this ACL pretty useless and virtually impossible to properly block, also considering that you can easily change the port number it uses anyway. I would do the following:

access-list no_kazaa deny tcp any any eq 1214

access-list no_kazaa deny udp any any eq 1214

access-list no_kazaa deny any 213.248.112.0 255.255.255.0

access-list no_kazaa permit ip any any

access-group no_kazaa in interface inside

The 213.248.112.0/24 network is where all the Kazaa servers reside, so even if it starts using a new port, access to be able to search for anything will be stopped. No guarantees that this won't change in the future though, so you'll need to keep an eye on your users.

There's a good web page for blocking all the P2P stuff here (http://testweb.oofle.com/filesharing/index.htm).

0 Helpful
Customers Also Viewed These Support Documents