From mboxrd@z Thu Jan 1 00:00:00 1970
From: Matias Bjørling
Subject: Yet Another Kazaa Issue
Date: Tue, 19 Nov 2002 21:55:22 +0100
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <001101c2900e$055b0bf0$0200000a@parseerror.dk>
To: netfilter@lists.netfilter.org

Hey

I'm trying like hell to get Kazaa to stop connecting successfully... Whatever I do, blocking port 1214 in ANY possible way, it still resists and connects successfully, even with those firewall rules

iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
iptables -A FORWARD -m string --string "Kazaa" -j DROP

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-Username:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-Network:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-IP:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-SupernodeIP
DROP       all  --  anywhere             anywhere           STRING match Kazaa
LOG        all  --  anywhere             anywhere           STRING match User LOG level warning
DROP       all  --  anywhere             anywhere           STRING match User
state_chk  all  --  anywhere             anywhere

It catches the "kazaa" thingie on the homepage... But.. anyhow it somehow seems to connect to the supernode outside... I'm getting nuts.. Why can't I stop it?.. What am I doing wrong.. I tried for ages now.. and it doesn't work :(

Any help will be appreciated :D

Thanks

- SilverWolf

From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Aldo S. Lagana"
Subject: RE: Yet Another Kazaa Issue
Date: Thu, 21 Nov 2002 17:15:45 -0500
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <002401c291ab$897c8730$3864a8c0@discmail.com>
References: <001101c2900e$055b0bf0$0200000a@parseerror.dk>
In-Reply-To: <001101c2900e$055b0bf0$0200000a@parseerror.dk>
To: 'Matias Bjørling', netfilter@lists.netfilter.org

The only real way to stop KaZaA, messenger, etc. is to use an Application Proxy and use the power of the proxy to stop traffic. For example on Linux you could use the TIS toolkit, or Squid as proxies...you would redirect all traffic from iptables to them and then they would use their advanced methods of looking into the packets to allow or drop the packet.

-----Original Message-----
From: netfilter-admin@lists.netfilter.org [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Matias Bjørling
Sent: Tuesday, November 19, 2002 3:55 PM
To: netfilter@lists.netfilter.org
Subject: Yet Another Kazaa Issue

Hey

I'm trying like hell to get Kazaa to stop connecting successfully... Whatever I do, blocking port 1214 in ANY possible way, it still resists and connects successfully, even with those firewall rules

iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
iptables -A FORWARD -m string --string "Kazaa" -j DROP

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-Username:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-Network:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-IP:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-SupernodeIP
DROP       all  --  anywhere             anywhere           STRING match Kazaa
LOG        all  --  anywhere             anywhere           STRING match User LOG level warning
DROP       all  --  anywhere             anywhere           STRING match User
state_chk  all  --  anywhere             anywhere

It catches the "kazaa" thingie on the homepage... But.. anyhow it somehow seems to connect to the supernode outside... I'm getting nuts.. Why can't I stop it?.. What am I doing wrong.. I tried for ages now.. and it doesn't work :(

Any help will be appreciated :D

Thanks

- SilverWolf

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Luciano Ruete
Subject: Re: Yet Another Kazaa Issue
Date: Thu, 21 Nov 2002 22:36:25 -0300
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <3DDD8A19.8000704@myrealbox.com>
References: <001001c2900d$fa96b2f0$0200000a@parseerror.dk>
To: netfilter
Cc: arnt@c2i.net

Matias Bjørling wrote:

> Hey
>
> Im trying like hell to get Kazaa to stop connect successfully...
> Whatever i do, blocking port 1214 in ANY possible way, it still resist
> and connect sucessfully, even with thoes firewall rules

I did two things (in different situations) that work very well.

1º hit the kazaa Achilles heel --> the centralized server

iptables -A FORWARD (...) -d 206.142.53.0/24 -j REJECT
iptables -A FORWARD (...) -d 213.248.112.0/24 -j REJECT

This works 4 me, I don't know if the nets are the same today, but 'try and tell!' or google it =)

2º I have CBQ'ed both incoming and outgoing kazaa traffic, you can drive the things as far as you want, and give 1kbit to all the kazaa connections behind the router/firewall.

Here is my conf to cbq.init (the most simple case)

Two files, 1 for up, 1 for down

/etc/sysconfig/cbq/cbq-120.kazaa-up
DEVICE=eth0,10Mbit,1Mbit
RATE=120Kbit
WEIGHT=12Kbit
PRIO=5
RULE=:1214,
RULE=,:1214

/etc/sysconfig/cbq/cbq-240.kazaa-down
DEVICE=eth1,10Mbit,1Mbit
RATE=240Kbit
WEIGHT=24Kbit
PRIO=5
#RULE=:1214,
#RULE=,:1214

You can find cbq.init (a script/frontend to tc and CBQ classes) in
https://sourceforge.net/projects/cbqinit
The script is self documented

Regards
--
Luciano

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Maciej Soltysiak
Subject: Re: Yet Another Kazaa Issue
Date: Fri, 22 Nov 2002 12:19:06 +0100 (CET)
Sender: netfilter-admin@lists.netfilter.org
References: <001101c2900e$055b0bf0$0200000a@parseerror.dk>
In-Reply-To: <001101c2900e$055b0bf0$0200000a@parseerror.dk>
To: Matias Bjørling
Cc: netfilter@lists.netfilter.org

> iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
> iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
> iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
> iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
> iptables -A FORWARD -m string --string "Kazaa" -j DROP

I recommend REJECT --reject-with tcp-reset.
It will tell the clients that the connection is closed.
If you drop the packets, the clients will try to send packets on and on for some time.

Maciej Soltysiak
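
Added example (not part of any message in this thread): the REJECT --reject-with tcp-reset suggestion applied to the five string rules from the original post, as a shell function that prints an iptables-restore fragment instead of touching the running firewall. The chain name KAZAA_SIG is an assumption of this example; -p tcp is present because tcp-reset is only accepted on rules restricted to TCP, and --algo bm because current iptables releases require an algorithm for the string match (the 2002 rules above predate that option).

```shell
#!/bin/sh
# Added example: build an iptables-restore fragment from the thread's
# string signatures, answering with a TCP RST instead of silently dropping.

# Signatures copied from the original post, one per line.
KAZAA_SIGNATURES='X-Kazaa-Username:
X-Kazaa-Network:
X-Kazaa-IP:
X-Kazaa-SupernodeIP
Kazaa'

# kazaa_ruleset [chain]
# Prints a *filter fragment on stdout. "chain" defaults to KAZAA_SIG,
# a name chosen for this example.
kazaa_ruleset() {
    chain=${1:-KAZAA_SIG}
    printf '%s\n' '*filter' ":$chain - [0:0]"
    # Inserted at position 1 so the signature chain is consulted before
    # the later FORWARD rules (state_chk in the listing above).
    # Only TCP is sent to the chain: tcp-reset is invalid without -p tcp.
    printf '%s\n' "-I FORWARD 1 -p tcp -j $chain"
    printf '%s\n' "$KAZAA_SIGNATURES" | while IFS= read -r sig; do
        printf '%s\n' "-A $chain -p tcp -m string --algo bm --string \"$sig\" -j REJECT --reject-with tcp-reset"
    done
    printf '%s\n' 'COMMIT'
}

# count_reject_rules [chain]
# Number of tcp-reset rules in the generated fragment.
count_reject_rules() {
    kazaa_ruleset "$@" | grep -c -- '--reject-with tcp-reset'
}
```

The fragment can be checked without loading it using `kazaa_ruleset | iptables-restore --test --noflush`.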