Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
IDS signatures for blocking traffic from Kazaa or other sites
Sensor signatures may include instructions to block sources of a particular attack, whenever that attack is detected. It is also possible to have a trusted network device whose normal, expected behavior appears to be that attack. Sensor signatures can be set to ignore a particular perceived attack when its source is a trusted network device.
Using the Cisco Intrusion Detection System (IDS), these are the two signatures related to Kazaa:
11000: Kazaa version 2 User Datagram Protocol (UDP) client probe:
Kazaa is a common Peer-to-Peer (P2P) file sharing application distributed by Sharman Networks. Kazaa clients maintain a loosely meshed, decentralized network of systems sharing files. Certain nodes with sufficient bandwidth and resources serve as supernodes on the network providing a distributed search function.
Kazaa clients send UDP packets to various systems searching for another Kazaa peer. This signature fires when the keyword "Kazaa" is seen in a UDP packet destined for UDP port 1214 (SubSig 0), 1531 (SubSig 1), or from port 3861 (SubSig 2).
11005: Kazaa GET request
The signature fires when a client request to the default Kazaa server port (Transmission Control Protocol (TCP) 1214) is detected.
If you want to use a firewall, you can try to block ports UDP 1214, 1531 and 3861 TCP 1214.