RE: Blocking Kazaa with iptables

To: "'debian user list'" <debian-user@lists.debian.org>
Subject: RE: Blocking Kazaa with iptables
From: "Josh Rehman" <java.josh@verizon.net>
Date: Tue, 19 Nov 2002 09:11:43 -0800
Message-id: <[🔎] 01be01c28fee$bc5460b0$6401a8c0@sumi>
In-reply-to: <[🔎] 20021119171743.GA28599@jc.oftheinter.net>

The input chain is for incoming packets. It is unlikely that kazza
clients use a special port - they probably take the first one available,
just like web clients.

If the client does essentially port scanning (to find a good server
port), there is little you can at the iptables level. You will have to
examine packets to deduce kazaa-ness. I don't know of a good way to do
this, but I'd be interested in the solution. Another novel solution
would be to have a stateful firewall that flags ip's that are trying
port 1214 and any ports immediately following. The worst that would
happen there is that legitimate uses of the higher ports will be
impossible for a single ip until kazaa is shut down on that ip. I like
that last solution since it doesn't require knowledge of packet
contents! But, I wouldn't know how to implement it, and users could get
around it by specifying a different initial port.

> -----Original Message-----
> From: Jeff [mailto:jcoppock1@attbi.com]
> Sent: Tuesday, November 19, 2002 9:18 AM
> To: Fadel
> Cc: debian user list
> Subject: Re: Blocking Kazaa with iptables
> 
> Fadel, 2002-Nov-19 13:13 -0300:
> > Hi there,
> >
> > I got a trouble in my network while trying to block Kazaa.
> > I tried to drop port 1214 with this rule:
> >
> > iptables -A FORWARD --dport 1214 -j DROP
> >
> > but this doesn't work. so I did sniffing to see what kind of packets
and
> > ports kazaa uses and I saw that it searches for servers in different
ports.
> > later, I read in various texts around the net, but all recommend to
block
> > port 1214 and kazaa site. this probably worked in version 1.
> >
> > how could I block kazaa, since I need accept connections in high
ports?
> >
> > sorry for the bad english.
> 
> Have you tried blocking on the INPUT chain?  That's where'd I'd put
> that rule.
> 
> jc
> 
> --
> Jeff Coppock		Systems Engineer
> Diggin' Debian		Admin and User
> 
> 
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

Follow-Ups:
- RE: Blocking Kazaa with iptables
  - From: grandmother@telia.com

References:
- Re: Blocking Kazaa with iptables
  - From: Jeff <jcoppock1@attbi.com>

Prev by Date: sqwebmail -- now what?
Next by Date: Procmail + debian +Qmail
Previous by thread: Re: Blocking Kazaa with iptables
Next by thread: RE: Blocking Kazaa with iptables
Index(es):
- Date
- Thread