Cisco Support Community

New Member

Blocking Kazaa

Hi,

Can someone provide information on how to block access to Kazaa with access-lists on an Internet router?

Thanks.

4 REPLIES
Gold

Re: Blocking Kazaa

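Hi, try

! extended ACL number (100-199) so that protocol and port can be matched
access-list 101 deny tcp any host 213.248.107.10 eq 1214

access-list 101 deny udp any host 213.248.107.10 eq 1214

access-list 101 permit ip any any

Then place the access list on the inside interface:

interface <inside-interface>
 ip access-group 101 in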

Hope this helps - Jay

New Member

Re: Blocking Kazaa

Thanks for the reply, Jay. I have been looking through the forums and have found that Kazaa2 uses different ports than 1214. The recommendation is to use NBAR to block the traffic.

If there is anyone who can supply a config to use NBAR on an Internet router to block Kazaa and P2P traffic while allowing all other traffic, I would appreciate it.

Thanks.

Gold

Re: Blocking Kazaa

Hi Paul -

Not too sure on Kazaa2, but if you want a document on setting up NBAR then please check the following (for Cisco router IOS 12.2 Main Line).

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800c75d0.html

Thanks - Jay
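An NBAR policy of the kind asked for above, as an added example that is not part of the original thread or of the linked Cisco guide. The names P2P-KAZAA and BLOCK-P2P and the interface FastEthernet0/0 are assumptions, and it assumes an IOS image whose NBAR recognises the fasttrack and kazaa2 protocols and whose policy-map supports the drop action; where drop is not available, marking the class and filtering that mark with an ACL is the usual substitute.

```cisco
! Added example; class, policy and interface names are assumptions.
! NBAR classification depends on CEF being enabled.
ip cef
!
! Classify Kazaa by application signature instead of by port 1214,
! so clients that move to other ports are still matched.
class-map match-any P2P-KAZAA
 match protocol fasttrack
 match protocol kazaa2
!
! Drop only the classified traffic. Anything that does not match
! falls into class-default and is forwarded normally.
policy-map BLOCK-P2P
 class P2P-KAZAA
  drop
!
! Apply inbound on the LAN-facing interface so client traffic is
! classified before it reaches the Internet link.
interface FastEthernet0/0
 description inside LAN (assumed interface name)
 service-policy input BLOCK-P2P
```

After applying it, `show policy-map interface FastEthernet0/0` lists per-class packet counters, which confirms whether the P2P-KAZAA class is matching anything.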

New Member

Re: Blocking Kazaa

Hi,

If it is not too much trouble, deploy a Linux box with Snort IDS + a plugin for it, called SnortSam. SnortSam can do shunning for PIX and many other firewalls, so Snort will detect Kazaa2 (it has appropriate signatures for it) and will tell SnortSam to block the destination IP address (you can block the source IP also, but in this case the internal user won't access anything at all). SnortSam opens a telnet session to the PIX and blocks the dest IP. The Snort signature detects the download session of Kazaa only, so users can search Kazaa, but as soon as they start a download/upload, Snort/SnortSam/PIX will block the session.

If you are going to do it, bring the SnortSam config into non-threading mode, so it does not forget to unblock the dest. IP after some time.

I think it is much better this way than to deploy a router with NBAR just for this.

Dmitry
