RE: Blocking Kazaa with iptables
On 19 Nov 2002, at 9:11, Josh Rehman wrote:
> The input chain is for incoming packets. It is unlikely that kazaa
> clients use a special port - they probably take the first one available,
> just like web clients.
>
> If the client does essentially port scanning (to find a good server
> port), there is little you can do at the iptables level. You will have to
> examine packets to deduce kazaa-ness. I don't know of a good way to do
> this, but I'd be interested in the solution. Another novel solution
> would be to have a stateful firewall that flags IPs that are trying
> port 1214 and any ports immediately following. The worst that would
> happen there is that legitimate uses of the higher ports will be
> impossible for a single IP until kazaa is shut down on that IP. I like
> that last solution since it doesn't require knowledge of packet
> contents! But, I wouldn't know how to implement it, and users could get
> around it by specifying a different initial port.
>
Wouldn't it be better if you could block network activities by
process (like: block all Kazaa connections to eth0 but allow
connections to eth1, or something like that) as well as by connection
type, destination, source or whatever. Is there any way to do that?
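Josh's "flag the IP that tries port 1214" idea and the per-process question in the reply, as an added shell example that is not from either poster: it uses the iptables `recent` match to remember LAN addresses that open a TCP connection to port 1214 and to drop their new high-port connections for a while, and the `owner` match to drop the gateway's own outbound traffic from a given user (the closest iptables gets to "by process"). It assumes a Linux gateway with eth1 inside and eth0 outside, a local user named `kazaa`, a 600-second block window, and `DRY_RUN=1` to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, the "kazaa" user
# and the 600 s window are assumptions; adjust them for your gateway.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth1}"          # assumed internal interface
WAN_IF="${WAN_IF:-eth0}"          # assumed external interface
BLOCK_SECS="${BLOCK_SECS:-600}"   # how long a flagged address stays blocked

# Wrapper so the rule set can be reviewed (DRY_RUN=1) before it is applied.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "$IPT $*"
  else
    "$IPT" "$@"
  fi
}

kazaa_rules() {
  # 1. A new forwarded connection to TCP/1214 adds the source address to the
  #    "kazaa" list (and is dropped). Every further attempt refreshes the entry.
  run -A FORWARD -i "$LAN_IF" -p tcp --dport 1214 --syn \
      -m recent --name kazaa --set -j DROP
  # 2. While the address was seen within BLOCK_SECS, drop its new outbound
  #    connections to unprivileged ports, i.e. the "ports immediately
  #    following" that the client would fall back to.
  run -A FORWARD -i "$LAN_IF" -p tcp --syn --dport 1024:65535 \
      -m recent --name kazaa --rcheck --seconds "$BLOCK_SECS" -j DROP
  # 3. On the gateway itself: drop everything the "kazaa" user sends out of
  #    the external interface, regardless of port (block-by-owner, not by
  #    packet contents).
  run -A OUTPUT -o "$WAN_IF" -m owner --uid-owner kazaa -j DROP
}

# Apply only when explicitly asked: ./kazaa-block.sh apply
[ "${1:-}" = "apply" ] && kazaa_rules
```

As noted in the thread, a flagged address loses legitimate high-port use until its entry expires, and a client that never touches port 1214 is not caught; `iptables -L FORWARD -v` and `/proc/net/xt_recent/kazaa` show which addresses are currently flagged.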