Yet Another Kazaa Issue

Yet Another Kazaa Issue

[Matias Bjørling]

[-- Attachment #1: Type: text/plain, Size: 1570 bytes --]

Hey

Im trying like hell to get Kazaa to stop connect successfully... Whatever i do, blocking port 1214 in ANY possible way, it still resist and connect sucessfully, even with thoes firewall rules

iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
iptables -A FORWARD -m string --string "Kazaa" -j DROP

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-Username:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-Network:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-IP:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-SupernodeIP
DROP       all  --  anywhere             anywhere           STRING match Kazaa
LOG        all  --  anywhere             anywhere           STRING match User  LOG level warning
DROP       all  --  anywhere             anywhere           STRING match User
state_chk  all  --  anywhere             anywhere


It catch the "kazaa" thingie on the homepage... But.. anyhow it somehow seem to connect to the supernode outside... Im getting nuts.. Why can't i stop it?.. What am i doing wrong.. I tried to ages now.. and it dont work :(

Any help will be appreciated :D

Thanks

- SilverWolf

[-- Attachment #2: Type: text/html, Size: 3828 bytes --]

Yet Another Kazaa Issue

[Matias Bjørling]

[-- Attachment #1: Type: text/plain, Size: 1570 bytes --]

Hey

Im trying like hell to get Kazaa to stop connect successfully... Whatever i do, blocking port 1214 in ANY possible way, it still resist and connect sucessfully, even with thoes firewall rules

iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
iptables -A FORWARD -m string --string "Kazaa" -j DROP

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-Username:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-Network:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-IP:
DROP       all  --  anywhere             anywhere           STRING match X-Kazaa-SupernodeIP
DROP       all  --  anywhere             anywhere           STRING match Kazaa
LOG        all  --  anywhere             anywhere           STRING match User  LOG level warning
DROP       all  --  anywhere             anywhere           STRING match User
state_chk  all  --  anywhere             anywhere


It catch the "kazaa" thingie on the homepage... But.. anyhow it somehow seem to connect to the supernode outside... Im getting nuts.. Why can't i stop it?.. What am i doing wrong.. I tried to ages now.. and it dont work :(

Any help will be appreciated :D

Thanks

- SilverWolf

[-- Attachment #2: Type: text/html, Size: 3828 bytes --]

RE: Yet Another Kazaa Issue

[Aldo S. Lagana]

[-- Attachment #1: Type: text/plain, Size: 2227 bytes --]

The only real way to stop KaZaA, messenger, etc. is to use an
Application Proxy and use the power of the proxy to stop traffic.  For
example on Linux you could use the TIS toolkit, or Squid as
proxies...you would redirect all traffic from iptables to them and then
they would use their advanced methods of looking into the packets to
allow or drop the packet.
 
 

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Matias
Bjørling
Sent: Tuesday, November 19, 2002 3:55 PM
To: netfilter@lists.netfilter.org
Subject: Yet Another Kazaa Issue


Hey
 
Im trying like hell to get Kazaa to stop connect successfully...
Whatever i do, blocking port 1214 in ANY possible way, it still resist
and connect sucessfully, even with thoes firewall rules
 
iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
iptables -A FORWARD -m string --string "Kazaa" -j DROP
 
Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere           STRING match
X-Kazaa-Username:
DROP       all  --  anywhere             anywhere           STRING match
X-Kazaa-Network:
DROP       all  --  anywhere             anywhere           STRING match
X-Kazaa-IP:
DROP       all  --  anywhere             anywhere           STRING match
X-Kazaa-SupernodeIP
DROP       all  --  anywhere             anywhere           STRING match
Kazaa
LOG        all  --  anywhere             anywhere           STRING match
User  LOG level warning
DROP       all  --  anywhere             anywhere           STRING match
User
state_chk  all  --  anywhere             anywhere

 
It catch the "kazaa" thingie on the homepage... But.. anyhow it somehow
seem to connect to the supernode outside... Im getting nuts.. Why can't
i stop it?.. What am i doing wrong.. I tried to ages now.. and it dont
work :(
 
Any help will be appreciated :D
 
Thanks
 
- SilverWolf


[-- Attachment #2: Type: text/html, Size: 5244 bytes --]

Re: Yet Another Kazaa Issue

[Luciano Ruete]

Matias Bjørling escribió::
> Hey
>  
> Im trying like hell to get Kazaa to stop connect successfully... 
> Whatever i do, blocking port 1214 in ANY possible way, it still resist 
> and connect sucessfully, even with thoes firewall rules

I did two thing (in diferent situations) that works very well.

1º hit the kazaa Achilles heel --> the centralized server

iptables -A FORWARD (...) -d 206.142.53.0/24 -j REJECT
iptables -A FORWARD (...) -d 213.248.112.0/24 -j REJECT

This work 4 me, i dont know if the nets are the same today, but 'try and 
tell!' or google it =)

2º i have CBQ'ed both incoming and outcoming kazaa traffic, you can 
drive the thins as far as you whant, and give 1kbit to all the kazaa 
conections behind de router/firewall.
Here is my conf to cbq.init (the most simple case)
Two files, 1 for up, 1 for down

/etc/sysconfig/cbq/cbq-120.kazaa-up
DEVICE=eth0,10Mbit,1Mbit
RATE=120Kbit
WEIGHT=12Kbit
PRIO=5
RULE=:1214,
RULE=,:1214

/etc/sysconfig/cbq/cbq-240.kazaa-down
DEVICE=eth1,10Mbit,1Mbit
RATE=240Kbit
WEIGHT=24Kbit
PRIO=5
#RULE=:1214,
#RULE=,:1214

You can find cbq.init (a script/frontend to tc and CBQ classes) in
https://sourceforge.net/projects/cbqinit

The script is self documented

Regards

--
Luciano

Re: Yet Another Kazaa Issue

[Maciej Soltysiak]

> iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
> iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
> iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
> iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
> iptables -A FORWARD -m string --string "Kazaa" -j DROP
I recommend REJECT --reject-with tcp-reset.
It will tell the clients that the connections is closed. If you drop the
packets, the clients will try to send packets on and on for some time.

Maciej Soltysiak