I am trying to block users in our network from using Kazaa and similar. I put the following in our perimeter router.
access-list 120 deny tcp 192.x.x.x 0.0.0.255 any eq 1214
access-list 120 deny udp 192.x.x.x 0.0.0.255 any eq 1214
access-list 100 permit ip any any
I want to allow everything else, as the firewall deals with this.
When I viewed the access lists after still being able to access and download files from Kazaa, they were shown as matching. If they were matching, surely they should have been denied. I presume I am missing some other ports that are required. I then added in ports 6346 and 6347, but these showed no matches. I think these are for Gnutella.
Kazaa first tries port 1214. If that port is blocked it starts to connect using "well known ports" like port 23 (telnet) and 80 (www). This makes blocking Kazaa difficult. The best solution is a traffic shaping device such as a Packeteer (www.packeteer.com).
Websense doesn't block them, we have it running with Pix. It only blocks URL access to the web sites. We've been trying for weeks to figure this out. We've been testing and sniffing KaZaa Lite and it's a real bear... can't even tell with a sniffer what it's really doing. It just keeps adjusting destinations and changing ports, then appears to go into a real aggressive mode of some kind and starts working. ...Cisco IDS is the only thing we've been able to find that will touch it, at least with the current versions of KaZaa and KaZaa Lite. We're getting ready to start shunning to the inside.
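The fallback behaviour described in the replies above (a blocked attempt on port 1214 followed by connections on well-known ports such as 23 and 80 to changing destinations) can be turned into a detection heuristic over ACL or flow logs. This is an added example, not part of the original thread; the record format, the sample records, the 60-second window and the three-peer threshold are all assumptions.

```python
from collections import defaultdict

# Constructed flow records (not from the thread):
# (seconds, inside_host, outside_host, dst_port, acl_action)
FLOWS = [
    (0, "10.0.0.5", "198.51.100.7", 1214, "deny"),
    (2, "10.0.0.5", "198.51.100.7", 80, "permit"),
    (3, "10.0.0.5", "203.0.113.9", 23, "permit"),
    (4, "10.0.0.5", "203.0.113.40", 80, "permit"),
    (5, "10.0.0.5", "192.0.2.77", 80, "permit"),
    (1, "10.0.0.8", "192.0.2.10", 80, "permit"),   # ordinary web user, no 1214 deny
    (6, "10.0.0.8", "192.0.2.10", 80, "permit"),
    (0, "10.0.0.9", "198.51.100.7", 1214, "deny"),
    (900, "10.0.0.9", "192.0.2.10", 80, "permit"),  # too long after the deny
]

P2P_PORT = 1214            # port named in the thread
FALLBACK_PORTS = {23, 80}  # fallback ports named in the thread
WINDOW = 60                # assumed: seconds after a deny that still count
MIN_PEERS = 3              # assumed: distinct destinations needed to flag a host


def suspected_fallback_hosts(flows, window=WINDOW, min_peers=MIN_PEERS):
    """Flag inside hosts that were denied on 1214 and, within `window`
    seconds, reached `min_peers` or more distinct hosts on fallback ports."""
    denied_at = defaultdict(list)
    for ts, src, _dst, port, action in flows:
        if port == P2P_PORT and action == "deny":
            denied_at[src].append(ts)

    peers = defaultdict(set)
    for ts, src, dst, port, action in flows:
        if action != "permit" or port not in FALLBACK_PORTS:
            continue
        # Count the destination only if it follows a recent 1214 deny.
        if any(0 <= ts - d <= window for d in denied_at.get(src, ())):
            peers[src].add(dst)

    return {s: sorted(p) for s, p in peers.items() if len(p) >= min_peers}


if __name__ == "__main__":
    for host, dests in suspected_fallback_hosts(FLOWS).items():
        print(f"{host}: {len(dests)} fallback peers after 1214 deny -> {dests}")
```

Hosts flagged this way are candidates for follow-up with a traffic shaper or IDS as the replies suggest; the thresholds need tuning against normal web traffic on the network in question.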