Re: blocking kazaa
On Tue, 19 Nov 2002, Fadel wrote:
> I got a trouble in my network while trying to block Kazaa.
> I tried to drop port 1214 with this rule:
> iptables -A FORWARD --dport 1214 -j DROP
> but this doesn't work.
Right, that's not enough :(
> so I did sniffing to see what kind of packets and
> ports kazaa uses and I saw that it searches for servers in different ports.
> later, I read in various texts around the net, but all recommend to block
> port 1214 and kazaa site. this probably worked in version 1.
> how could I block kazaa, since I need accept connections in high ports?
Hey, it's a hack. But it's mine :=) (not knowing better :( )
ngrep -l -q -t -d eth0 -i 'kazaa' >> <some log file>
and added a cron job that parses the log file looking for UDP packets
that include the string kazaa (caseless) in the first 16 bytes. Rip
the ip-address and:
route add -host <host-ip> reject
ip route add blackhole <host-ip>/32
in a few words (the script is longer).
You could look for the strings 'kazaa' and 'super.*server' on TCP
packets, to catch a few more.