richardjones
asked on
Blocking Kazaa, Shorewall iptables firewall in mandrake9
Hi,
I've got some client machines running Windows, and one Linux (Mandrake 9) server with an ADSL internet connection (dynamic IP, 512kbps, USB modem) acting as IP masq for the Windows clients, which get their IPs from DHCP on the Linux box.
Is there a way to block the P2P program Kazaa from working from behind the firewall on the Windows boxes? I tried DENY/DROPping traffic on port 1214, but Kazaa just changes ports if I block one.
I'd like some entries to put in my RULES file, or similar, that will stop Kazaa from accessing the internet.
I don't really want to have to set a default rule of denying any outgoing connections and then enabling stuff like 80, 21, blah, as that would be a pain in the arse.
Thanks,
RJ
ASKER
I was half hoping I had misunderstood how Kazaa was working, but I can appreciate that I can't just block port X to stop it.
Is there a way to analyse packets and check if they are "Kazaa traffic" and just drop them?
I'd rather not block all outgoings and work backwards.
What FW are you using? I know that there is an option in Check Point FireWall-1 NG FP3 that blocks P2P traffic using the HTTP Security Server. To do this, you need to specify forbidden HTTP headers and header patterns using regular expressions.
FireWall-1 is pre-configured with settings to block ICQ, Kazaa, MSN Messenger, Yahoo Messenger and Gnutella. To block P2P applications, use a default HTTP resource in a rule (which loads the HTTP Security Server), and using DbEdit change the global property "http_detect_header_pattern_mode" from FALSE (the default value) to TRUE.
I would sniff for the URL where the application tries to login and then define an object with this URL (URLs) and drop access to them by a simple rule.
As an experienced user, I always know how to circumvent a firewall (-; that's a pain for the big boss and/or admins )-;
richardjones, if you have experienced users, you need a firewall with authentication per user per port.
If you don't care about experienced users, a somewhat "sophisticated" firewall (like CheckPoint-1) or an application-level firewall can do it.
ASKER
I'm using Shorewall, an iptables firewall that comes with Mandrake 9.
Unless there is a way to do it on Linux without buying an expensive firewall, then I won't bother. The threat of removing internet access should be sufficient to stop people using Kazaa.
rj
If you have Sygate firewall you can block access to the internet from certain programs... Thanks
sickity,
do you have a link?
How does this firewall know which program on the other computer initiated the traffic?
ASKER CERTIFIED SOLUTION
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:
I recommend: points to damole1
If you would like to keep this question open for more expert input, this cleanup effort will get it closer to the top of the list where it will get more visibility for the experts.
If there is any objection or other expert commentary to this recommendation then please post in here within 7 days.
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. https://www.experts-exchange.com/Community_Support/
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
thanks,
lrmoore
EE Cleanup Volunteer
---------------------
Finalized as proposed
modulo
Community Support Moderator
Experts Exchange
Then for eDonkey, then for ...
I think you need an application-level firewall (adaptive proxy) for that, and appropriate hardware for it too.
Better you go with a limited set of open outbound ports; you may even use a proxy (like squid) with authentication for them.
But keep in mind that experienced users can always tunnel whatever port they like over, for example, port 80.
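The "limited set of open outbound ports" approach recommended in the last answer, worked through as an added example (this is not code from the thread, from Shorewall, or from the Check Point product mentioned above). It generates, rather than applies, an iptables FORWARD-chain rule set for the masquerading box: LAN clients may start connections only to an explicit list of TCP/UDP services, replies to those connections are allowed back, and everything else is logged and dropped, so a program that hops ports when one is blocked has nowhere left to hop. The interface names (eth0 for the LAN side, ppp0 for the ADSL link), the default port list, and the use of the `state` match (the conntrack match of 2.4-era kernels) are assumptions; adjust them to the box in question.

```shell
#!/bin/sh
# Added example, not from the thread: emit an outbound allowlist for the
# FORWARD chain of a masquerading Linux gateway. Interface names and the
# port list below are assumptions, overridable from the environment.
LAN_IF="${LAN_IF:-eth0}"                    # assumed: interface facing the clients
WAN_IF="${WAN_IF:-ppp0}"                    # assumed: interface facing the ADSL link
TCP_PORTS="${TCP_PORTS:-80 443 21 25 110}"  # assumed: web, FTP control, SMTP, POP3
UDP_PORTS="${UDP_PORTS:-53}"                # assumed: DNS to the ISP resolver

# Print the rules instead of running them, so they can be reviewed first and
# so this script needs no root to execute. Pipe the output to sh to apply.
gen_egress_rules() {
    lan="$1"; wan="$2"; tcp="$3"; udp="$4"
    echo "iptables -N LAN_EGRESS"
    # Packets belonging to connections the LAN already opened (and related
    # ones, e.g. FTP data) are let through without re-checking the port.
    echo "iptables -A LAN_EGRESS -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New connections are accepted only to the listed destination ports.
    for p in $tcp; do
        echo "iptables -A LAN_EGRESS -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $udp; do
        echo "iptables -A LAN_EGRESS -p udp --dport $p -j ACCEPT"
    done
    # Rate-limited logging of everything else: the admin can see which hosts
    # keep probing unexpected ports before deciding whether to widen the list.
    echo "iptables -A LAN_EGRESS -m limit --limit 5/min -j LOG --log-prefix 'EGRESS-DROP: '"
    echo "iptables -A LAN_EGRESS -j DROP"
    # Hook the chain into FORWARD for traffic going from the LAN to the WAN.
    echo "iptables -A FORWARD -i $lan -o $wan -j LAN_EGRESS"
}

# Self-check helper: number of ACCEPT rules a generated set contains
# (one for the state match plus one per allowed port).
count_allow_rules() {
    gen_egress_rules "$@" | grep -c -- '-j ACCEPT'
}

gen_egress_rules "$LAN_IF" "$WAN_IF" "$TCP_PORTS" "$UDP_PORTS"
```

Since Shorewall is a front end that produces iptables rules like these, the same policy in Shorewall terms (assuming the default zone names `loc` and `net`) is a `loc net DROP info` line in the policy file plus `ACCEPT loc net tcp 80,443,21,25,110` and `ACCEPT loc net udp 53` lines in the rules file. As the last answer notes, this only closes the port-hopping path: a determined user can still tunnel over port 80, which is why an authenticating proxy such as squid is the next layer when that matters.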