ninboy59 Posted December 4, 2002

I am trying to block or limit the bandwidth used by Kazaa (2.x or higher) on my network. I don't want to completely block access, but the current usage is slowing all access to a crawl. I have tried blocking port 1214 with no success. The Kazaa client can still find a connection on port 80 (HTTP) or any unblocked port. I guess version 2.x and higher can dynamically find a port to connect on. I guess the real question is: Is there any way to effectively control Kazaa usage?

Jon Posted December 4, 2002

Bandwidth Quotas per IP address / Per protocol, which is possible using things like MS ISA server.

ninboy59 Posted December 4, 2002

Thanks, but is there any way to do it using standard firewall techniques? My company isn't willing (at this point) to purchase any more crap. :(

Jon Posted December 4, 2002

Well, what firewalling software do you use? A well designed (as in the rule set) firewall should block EVERYTHING, and only allow through what is needed. And why is your company allowing ANY access? Don't they realise the legal implications of sharing illegal media?

thingsforjason Posted December 4, 2002

what firewall are u using now? i thought that blocking the 1214 port would prohibit transfers...but not kazaa connections (i could be wrong tho)

you could also just send out a big nasty memo saying no more kazaa, and uninstall it from everyone's computer. i mean, if it's a company setup, you should be able to march in there and get rid of kazaa. :ninja:

ninboy59 Posted December 4, 2002

I am currently using a Sonicwall Soho 3 Internet Appliance. I have all incoming ports blocked. The only outgoing ports I have open are HTTP, FTP, POP3, SMTP, NNTP. But because Kazaa has the ability to use port 80 (HTTP), I can still connect and download from Kazaa. :woot:

My company doesn't have a formal policy concerning Kazaa (we're kinda lax about stuff like that) but the president of the company has been complaining about not being able to look at his stocks online, so I figured it was time to do something about it.

Jon Posted December 5, 2002

You should get an Acceptable Use Policy (AUP) drawn up quickly; unless you do, the company is liable for the actions of its employees. If they look at kiddy pr0n, warez etc at work, and the police/copyright owners get involved, you are well and truly in the sh*t and believe me, as the firewall guy, YOU will be in the sh*t. An AUP is absolutely essential. Go read RFC2196, and establish some tight policies.

ninboy59 Posted December 5, 2002

Thanks. :D

Inertia Posted December 9, 2002

these days if you have http open, anything can run through a virtual socks server running locally through http tunneling

ninboy59 Posted December 10, 2002

Thanks again, I guess the only thing left I can do is try an acceptable use policy as was recommended, and if worse comes to worse, set up group policies locking down every computer. I guess I'll be known in my company as the Net N*zi. LOL

Thanks for all of your suggestions.

MxxCon Posted December 11, 2002

yup, lay down AUP and then use IDS like SNORT to see who violates it.

Techgirl Posted December 11, 2002

What exactly is "SNORT" and what does it do?

MxxCon Posted December 12, 2002

heh.. "Techgirl" and you don't know how to use google? :rolleyes:

SNORT is one of many IDS (intrusion detection systems). IDS monitor network traffic and compare it to a set of rules and then trigger any number of events based on the result of that comparison. in layman's terms IDS is a firewall w/o blocking features and pretty advanced scripting capabilities.

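The rule-matching idea described in the post above, as an added example that is not part of the original thread and not Snort's own code: payloads are compared to content rules regardless of destination port, which is why this catches what a port 1214 block misses. The `X-Kazaa-` header prefix is an assumption about the client's HTTP transfers, and all addresses and payloads are constructed.

```python
from collections import Counter

# Hypothetical rule set: (rule name, protocol, pattern matched case-insensitively).
# The "X-Kazaa-" header prefix is an assumption about the client's HTTP
# transfers; it is not stated anywhere in the thread.
RULES = [
    ("P2P Kazaa header in HTTP", "tcp", b"x-kazaa-"),
]

# Constructed sample traffic: (src_ip, dst_port, proto, payload). Not a capture.
SAMPLE_PACKETS = [
    ("192.168.1.20", 80, "tcp", b"GET /quotes HTTP/1.1\r\nHost: stocks.example\r\n\r\n"),
    ("192.168.1.31", 80, "tcp", b"GET /file HTTP/1.1\r\nX-Kazaa-Username: user1\r\n\r\n"),
    ("192.168.1.31", 1214, "tcp", b"GET /file HTTP/1.1\r\nx-kazaa-network: n\r\n\r\n"),
    ("192.168.1.44", 8080, "tcp", b"GET /a HTTP/1.1\r\nX-KAZAA-IP: 10.0.0.1\r\n\r\n"),
    ("192.168.1.20", 25, "tcp", b"HELO mail.example\r\n"),
]

def match_rules(packet, rules=RULES):
    """Return names of rules whose pattern appears in the payload.
    The destination port is ignored on purpose: the client uses any open port."""
    _src, _port, proto, payload = packet
    lowered = payload.lower()
    return [name for name, rule_proto, pattern in rules
            if rule_proto == proto and pattern in lowered]

def alerts(packets, rules=RULES):
    """Yield (src_ip, dst_port, rule name) per match; alert only, never drop."""
    for pkt in packets:
        for name in match_rules(pkt, rules):
            yield (pkt[0], pkt[1], name)

def offenders(packets, rules=RULES):
    """Count alerts per internal source address, for AUP follow-up."""
    return Counter(src for src, _port, _name in alerts(packets, rules))

if __name__ == "__main__":
    for src, port, name in alerts(SAMPLE_PACKETS):
        print(f"ALERT {name}: {src} -> port {port}")
    print(dict(offenders(SAMPLE_PACKETS)))
```
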
ModuleX Posted December 14, 2002

well you could try locking down port 129 or 139 i think. sorry, i don't use any form of file sharing programs

MxxCon Posted December 14, 2002

> well you could try locking down port 129 or 139 i think. sorry, i don't use any form of file sharing programs

port 129 is Password Generator Protocol
port 139 is Netbios
neither have anything to do with kazaa :no: