
Re: deny kazaa , imesh, chat programs



On Wed, 2003-08-13 at 01:21, Derrick 'dman' Hudson wrote:
> On Wed, Aug 13, 2003 at 01:07:58AM +0300, Mehmet AK wrote:
> | Hi there
> | 
> | I want to deny kazaa, imesh etc. and chat programs on our local
> | network. Can you help me?
> 
> From what I've heard about kazaa, it can't be blocked by a simple
> port-matching firewall rule.  I've heard that it uses any and all
> ports it can, including 80, to try and bypass simple firewall rules.
> Instead you need full application-level introspection of the packets
> to identify kazaa traffic.  The only tool I know of that does this is
> the load balancer Taylor U. installed a year or so ago.  It's a
> commercial hardware device that costs somewhere on the order of $12K
> (USD).  If you want me to find out what it is I'll get in touch with
> the admin at TU and pass on the info.
> 
> Other than that, read the iptables documentation (found on
> http://netfilter.samba.org).
> 
> -D

It will be hard to completely block it as stated here since it can
bypass most port options, but you could limit outgoing connections to
those that connect to ports of services you want to allow such as http,
ftp etc.
I don't know how much it will work, but you can try blocking outgoing
connections that try to connect to target ports:
6882 4444 4662 1214 6346 9999 9074 2234
Those are the ports configured by mldonkey on my machine for all
protocols it recognises (including imesh and kazaa).
I don't know how good those programs are at locating servers listening
on other ports, and how many such servers there are.
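
The two approaches in this reply (rejecting the listed ports versus allowing only wanted services), as an added example that is not part of the original message: a script that prints iptables commands for a forwarding Linux gateway and runs nothing itself. The interface `eth1`, the allowed services (DNS plus TCP 21, 80, 443) and all function names are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands for a forwarding Linux gateway.
# Assumed, not from the thread: LAN interface eth1 and the allowed services.
LAN_IF="${LAN_IF:-eth1}"
# Destination ports listed in the message above.
P2P_PORTS="6882,4444,4662,1214,6346,9999,9074,2234"
# TCP services the LAN may reach: ftp, http, https (constructed list).
ALLOW_TCP="${ALLOW_TCP:-21,80,443}"

# Variant 1: forwarding stays default-accept; only the listed ports are rejected.
blocklist_rules() {
  for proto in tcp udp; do
    echo "iptables -A FORWARD -i $LAN_IF -p $proto -m multiport --dports $P2P_PORTS -j REJECT"
  done
}

# Variant 2: forwarding is default-deny; only DNS and ALLOW_TCP may leave.
allowlist_rules() {
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for proto in udp tcp; do
    echo "iptables -A FORWARD -i $LAN_IF -p $proto --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
  done
  echo "iptables -A FORWARD -i $LAN_IF -p tcp -m multiport --dports $ALLOW_TCP -m conntrack --ctstate NEW -j ACCEPT"
  # Log what the policy is about to drop, rate-limited, to spot clients probing other ports.
  echo "iptables -A FORWARD -i $LAN_IF -m limit --limit 6/min -j LOG --log-prefix 'egress-denied: '"
}

# True if port $1 appears in comma-separated list $2.
in_list() { case ",$2," in *",$1,"*) return 0 ;; *) return 1 ;; esac; }

# Would a new TCP connection from the LAN to port $2 be forwarded under variant $1?
tcp_forwarded() {
  case "$1" in
    blocklist) ! in_list "$2" "$P2P_PORTS" ;;
    allowlist) in_list "$2" "$ALLOW_TCP" || [ "$2" = 53 ] ;;
    *) return 2 ;;
  esac
}

# Usage: sh egress.sh blocklist|allowlist   (review the output, then pipe to sh as root)
case "${1:-}" in
  blocklist) blocklist_rules ;;
  allowlist) allowlist_rules ;;
esac
```

Port 80 is forwarded under both variants, which is the limit the quoted message describes: port rules alone do not stop a client that uses allowed ports.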


