Blocking Kazaa traffic by ISP

mimiseh
      10-22-2003
I know it is very difficult to block Kazaa traffic at the client side, it is
possible to ask the ISP to block the Kazaa traffic from passing to our
internet router.


Walter Roberson
      10-22-2003
In article <UJAlb.33$(E-Mail Removed)>,
mimiseh <(E-Mail Removed)> wrote:
:I know it is very difficult to block Kazaa traffic at the client side, it is
:possible to ask the ISP to block the Kazaa traffic from passing to our
:internet router.

You can always -ask-, but whether they can or will do it is a different
matter. They will likely suggest that you should install a firewall
and do it yourself.


The relevant PIX entries that we have are:

: Kazaa and Morpheus -- and audiogalaxy too
access-list acl-Ginside deny ip any 64.245.58.0 255.255.255.0
access-list acl-Ginside deny ip any 64.245.59.0 255.255.255.0
access-list acl-Ginside deny ip any host 213.248.107.10
access-list acl-Ginside deny ip any 213.248.112.0 255.255.255.0
access-list acl-Ginside deny udp any any eq 1214
access-list acl-Ginside deny tcp any any eq 1214


This probably just slows people down, and doesn't help on the
peer-to-peer equivalents that use port 80. That's why we monitor
our logs.


If KaZaa and kin are noticeable problems in your organization then:

1) Make sure you have a security policy that deals with the situation
(one with some teeth!);
2) Be prepared to monitor traffic; and
3) Consider installing a product from Packetteer.
--
Would you buy a used bit from this man??
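An added example, not from any post in this thread: a small Python triage script that reads constructed PIX-style 106023 access-list deny messages and counts, per internal host, the denials that match the Kazaa ACL entries above (destination in one of the listed netblocks, or port 1214). The log line format and the alert threshold are assumptions; the script works only on IP address/port summary data, the level of log review the post describes.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Destinations and port taken from the PIX ACL entries in the post above.
KAZAA_NETS = [ip_network(n) for n in (
    "64.245.58.0/24", "64.245.59.0/24", "213.248.107.10/32", "213.248.112.0/24")]
KAZAA_PORT = 1214

# Body of a PIX 106023 access-list deny message (format assumed; check against your PIX syslog).
DENY_RE = re.compile(
    r"Deny (?P<proto>tcp|udp) src \w+:(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group \"(?P<acl>[^\"]+)\""
)

def is_kazaa_hit(dst, dport):
    """True if a denied flow matches one of the Kazaa ACL entries above."""
    if dport == KAZAA_PORT:
        return True
    return any(ip_address(dst) in net for net in KAZAA_NETS)

def summarize(lines, threshold=3):
    """Count Kazaa-matching denials per internal source host.

    Returns {source_ip: count} for hosts at or above the (assumed) threshold,
    using only IP/port summary data, never URLs or payload."""
    hits = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if m and is_kazaa_hit(m["dst"], int(m["dport"])):
            hits[m["src"]] += 1
    return {src: n for src, n in hits.items() if n >= threshold}

# Constructed sample log lines; 198.51.100.7 is a documentation-range address standing in for a non-Kazaa host.
SAMPLE_LOG = """\
Oct 22 2003 10:01:02 pix %PIX-4-106023: Deny tcp src inside:10.0.0.5/3321 dst outside:64.245.58.9/1214 by access-group "acl-Ginside"
Oct 22 2003 10:01:05 pix %PIX-4-106023: Deny udp src inside:10.0.0.5/3322 dst outside:198.51.100.7/1214 by access-group "acl-Ginside"
Oct 22 2003 10:01:09 pix %PIX-4-106023: Deny tcp src inside:10.0.0.5/3330 dst outside:213.248.107.10/80 by access-group "acl-Ginside"
Oct 22 2003 10:02:00 pix %PIX-4-106023: Deny tcp src inside:10.0.0.9/4000 dst outside:198.51.100.7/25 by access-group "acl-Ginside"
Oct 22 2003 10:02:30 pix %PIX-4-106023: Deny tcp src inside:10.0.0.9/4001 dst outside:64.245.59.3/1214 by access-group "acl-Ginside"
"""

if __name__ == "__main__":
    for host, count in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"{host}: {count} Kazaa-matching denials")
```

Note that a port-80 denial counts only when the destination is one of the listed netblocks, so hosts talking to an unrelated web server on port 80 are not flagged.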
Hugo Drax
      10-22-2003
12.3 code with NBAR will inspect for KAZAA and drop traffic, even if it is
port 80

"mimiseh" <(E-Mail Removed)> wrote in message
news:UJAlb.33$(E-Mail Removed)...
> I know it is very difficult to block Kazaa traffic at the client side, it is
> possible to ask the ISP to block the Kazaa traffic from passing to our
> internet router.
Ivan Ostres
      10-23-2003
"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message
news:bn6rmm$ie5$(E-Mail Removed)...
>
>
> If KaZaa and kin are noticeable problems in your organization then:
>
> 1) Make sure you have a security policy that deals with the situation
> (one with some teeth!);
> 2) Be prepared to monitor traffic; and
> 3) Consider installing a product from Packetteer.


Just a question. If you have a policy in your company that users are not
allowed to use Kazaa, isn't it much simpler to use products like
(Peregrine Asset...something) which has agents that scan for software on
clients? Doing that on a regular basis, you can see who installed Kazaa or any
illegal software and proceed with further actions...

Ivan

Richard Deal
      10-23-2003
Actually, the best solution is to have a company policy regarding the use
of this stuff, with a harsh penalty. Then just monitor it. The problem with
the PIX or router, with ACLs, is that in many cases, Kazaa and similar
programs can get around this using HTTP, or tunneling it via SOCKS. A good
monitoring program, like an IDS or other solution (even Cisco's NBAR can be
set up to do this) should flag the rule-breakers and then you can take
the appropriate action. Also, there are scanning programs you can run on
people's desktops to look for this stuff--you might want to do this once a
week or month when they log in to verify the sterility of their desktops.

Cheers!
--

Richard A. Deal

Visit my home page at http://home.cfl.rr.com/dealgroup/

Author of CCNA Cisco Certified Network Associate Study Guide (Exam 640-801),
Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep,
CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram

Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco
exams on the market.



"Hugo Drax" <(E-Mail Removed)> wrote in message
news:bn74be$trj0a$(E-Mail Removed)-berlin.de...
> 12.3 code with NBAR will inspect for KAZAA and drop traffic, even if it is
> port 80
>
> "mimiseh" <(E-Mail Removed)> wrote in message
> news:UJAlb.33$(E-Mail Removed)...
> > I know it is very difficult to block Kazaa traffic at the client side, it is
> > possible to ask the ISP to block the Kazaa traffic from passing to our
> > internet router.
Walter Roberson
      10-23-2003
In article <bn80uh$ulg6h$(E-Mail Removed)-berlin.de>,
Ivan Ostres <(E-Mail Removed)> wrote:
:Just a question. If you have a policy in your company that users are not
:allowed to use Kazaa, isn't it much simpler to use products like
:(Peregrine Asset...something) which has agents that scan for software on
:clients? Doing that on a regular basis, you can see who installed Kazaa or any
:illegal software and proceed with further actions...

Scanning to see what software is installed can be tricky from a
policy standpoint.


The Canada Charter of Rights and Freedoms (the equivalent of the US
Constitution) contains a clause that "Everyone has the right to be
secure against unreasonable search and seizure". In the context of the
section that is in, that constrains government searches without a
search warrant, but does not apply to the same extent to private
companies (or, rather, what is "unreasonable" differs between
Government and private companies.)

The place I work happens to be part of the Canadian Federal Government,
and because of that, the full Charter clause is considered to apply:
our actions with regards to our employees have to be those permitted
between Government and Person, instead of the wider actions permitted
between Employer and Employee in private companies.

At the moment, no-one is quite sure whether using software to search
employee hard disks for forbidden programs counts as "unreasonable
search" within the meaning of the Charter. There are arguments on both
sides. Our lawyers advise us that any kind of -manual- search for such
programs would, more likely than not, be considered "unreasonable";
mechanical searches for -particular- programs are less certain.

The general policy here is that if I or the other systems
administrators happen to notice forbidden files or network activity in
the course of our regular duties, then we are to take appropriate
action; that we need a Good Reason to do routine searches over peoples'
desktop systems [and we should clear these in advance]; and that
targeting -particular- individuals for compliance searches is almost
always beyond our authority.


The policy leaves me free to examine the firewall logs (which are in IP
address/port terms), because summary information about -what- was
contacted is not considered to be a "communication" under wiretap laws;
but I had to specifically disable URL logging because the details of
the URLs can sometimes disclose the "communication" itself (think of
form parameters placed after a GET.) If I do a reverse lookup on a host
visited, and I see it is stolenxxxses-n-cardz.com or kazaa.com then I
can proceed under our usage policies; but if the IP address resolves to
a virtual hoster -mostly- known for hosting stuff we Don't Want Around
Here, I must presume that the user was accessing something acceptable
there.
--
Cottleston, Cottleston, Cottleston pie.
A bird can't whistle and neither can I. -- Pooh
Rod Dorman
      10-23-2003
In article <UJAlb.33$(E-Mail Removed)>,
mimiseh <(E-Mail Removed)> wrote:
>I know it is very difficult to block Kazaa traffic at the client side, it is
>possible to ask the ISP to block the Kazaa traffic from passing to our
>internet router.


Trying to block it is often difficult because when they can't get
their preferred port they'll try others. One helpful suggestion is
not to block it but instead rate limit it to just a trickle.

An interesting alternative of Filtering by DNS can be found at
http://www.holland-consulting.net/tech/imblock.html

--
-- Rod --
rodd(at)polylogics(dot)com
Jonathan Wilson
      10-29-2003

We deal with the search issue by having regularly scheduled software audits
for license compliance - a good idea in and of itself. Amazing what
well-meaning and law-abiding people will do with licensed software. If you
find anything that hasn't been purchased or is demonstrably not for business
purposes, out it goes.

Jonathan Wilson

"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message
news:bn8sfq$ftb$(E-Mail Removed)...
> In article <bn80uh$ulg6h$(E-Mail Removed)-berlin.de>,
> Ivan Ostres <(E-Mail Removed)> wrote:
> :Just a question. If you have a policy in your company that users are not
> :allowed to use Kazaa, isn't it much simpler to use products like
> :(Peregrine Asset...something) which has agents that scan for software on
> :clients? Doing that on a regular basis, you can see who installed Kazaa or any
> :illegal software and proceed with further actions...
>
> Scanning to see what software is installed can be tricky from a
> policy standpoint.
Ivan Ostres
      10-29-2003
"Jonathan Wilson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> We deal with the search issue by having regularly scheduled software audits
> for license compliance - a good idea in and of itself. Amazing what
> well-meaning and law-abiding people will do with licensed software. If you
> find anything that hasn't been purchased or is demonstrably not for business
> purposes, out it goes.
>


Yep, we have a similar policy and our link is much, much less congested than
before...

Ivan

paul blitz
      10-30-2003

"mimiseh" <(E-Mail Removed)> wrote in message
news:UJAlb.33$(E-Mail Removed)...
> I know it is very difficult to block Kazaa traffic at the client side, it is
> possible to ask the ISP to block the Kazaa traffic from passing to our
> internet router.


The problem, as others have pointed out, is that kazaa, and many other
similar peer2peer protocols, will use any port they can get their hands on.

Packeteer's Packetshaper (www.packeteer.com) gets around the problem as it
identifies traffic up at the application level... so it doesn't care what
port it uses, it sees that it is Kazaa (or eDonkey or whatever). It will also
let you see who it is that is using that protocol.

And yes, as someone else already said, rather than stopping the connection from
happening (which just makes it try again, on another port.... then on
another port....), you allow the connection, but at, say, a mere 256 bps! At
that speed, it connects quickly, but the user will soon give up.... and they
daren't complain, coz they aren't supposed to be doing it in the first place


Paul Blitz
Centia Ltd
