[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: blocking kazaa

On Tue, 19 Nov 2002, Fadel wrote:

> I got a trouble in my network while trying to block Kazaa.
> I tried to drop port 1214 with this rule:
> iptables -A FORWARD --dport 1214 -j DROP
> but this doesn't work.

Right, that's not enough :(

> so I did sniffing to see what kind of packets and
> ports kazaa uses and I saw that it searches for servers in different ports.
> later, I read in various texts around the net, but all recommend to block
> port 1214 and kazaa site. this probably worked in version 1.
> how could I block kazaa, since I need accept connections in high ports?

Hey, it's a hack. But it's mine :=) (not knowing better :( )

Daemonized ngrep:

  ngrep -l -q -t -d eth0 -i 'kazaa' >> <some log file>

and added a cron job that parses the log file looking for UDP packets
that include the string kazaa (caseless) in the first 16 bytes. Rip
the ip-address and:

  route add -host <host-ip> reject


  ip route add blackhole <host-ip>/32

in a few words (the script is longer).

You could look for the strings 'kazaa' and 'super.*server' on TCP
packets, to catch a few more.


Reply to: