01-24-2003 12:34 PM - edited 03-09-2019 01:50 AM
hi ,
I've been trying to block access to Kazaa . I used and Outbound Deny on port 1214 for both TCP and UDP. I also put in an access list which read ...
access-list 110 deny tcp/udp any any eq 1214 . Also , I was killing any sessions to and from Port 1214 using an ISS IDS . Nothing works, although some of these steps do slow down Kazaa it does not stop it altogether.
I would appreciate any help in this matter.
01-25-2003 12:11 PM
Solution 1:
block all incoming TCP connections but the really needed ones
Problem with Solution 1:
Um. That doesn't work for kazaa (fasttrack), gnutella, etc.
These apps will detect if they're firewalled, and if two peers want
to talk to eachother where one side is firewalled, the connection
will always be initiated by the firewalled one.
(And for public networks, every port is "needed" if you ask the users.)
instead of blocking port 1214, ... you may want to use QoS feature
on router or ... to limit the bandwidth to a few kbps. The reason behind the second point is to fool the users. Some traffic is going anyway, so, they will not try other ports but the default.
This would fool the clueLESS ones. It might hold the clueful ones at
bay for a few weeks, until they realize "Hey, that's strange, I'm
consistently getting N times the bandwidth when I leach 1337 stuff
on IRC or via FTP.", at which point the worst bandwidth hogs _will_
move on to other protocols, or maybe start fiddling with their port
number settings... and tell all their friends.
Read this:
http://helpdesk.gwu.edu/helpdesk/whatsnew/fall02/kazaa.100902.html
"Kazaa v2 is bypassing all our controls! Argh!"
And then take into account "helpful" sites like this one I found
right away when googling for "get around bandwidth limits kazaa":
http://www.dslreports.com/forum/remark,4481903~root=campus~mode=flat
"Have you tried:
Socks2Http - Tool to bypass firewalls and proxys that may be
blocking KaZaA.
Socks2HTTP is an agent converting SOCKS v.5 requests into HTTP requests
and tunneling them through HTTP proxy. [...]"
(And now I'm making it even easier to find when this gets added to the
web archives. *sigh*)
dlabbadia
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide