* RE: how to filter kazaa
@ 2003-05-21 15:15 Gladson George
0 siblings, 0 replies; 12+ messages in thread
From: Gladson George @ 2003-05-21 15:15 UTC (permalink / raw)
To: tracker, netfilter
The following rule has worked for me.
http://www.securityfocus.com/infocus/1531
$IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Username: -j REJECT
--reject-with tcp-reset
$IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Network: -j REJECT
--reject-with tcp-reset
$IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-IP: -j REJECT
--reject-with tcp-reset
$IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-SupernodeIP: -j -j
REJECT --reject-with tcp-reset
-----Original Message-----
From: tracker [mailto:jaws@skyinet.net]
Sent: Wednesday, May 21, 2003 3:20 PM
To: netfilter@lists.netfilter.org
Subject: how to filter kazaa
Hi all,
Im new to this list and iptables. I would like to know how to filter kazaa.
Thanks.
Jaws
^ permalink raw reply [flat|nested] 12+ messages in thread
* RE: how to filter kazaa
@ 2003-05-21 15:58 eribicic
2003-05-21 16:15 ` Patrick Ahler
2003-05-22 10:10 ` jaws
0 siblings, 2 replies; 12+ messages in thread
From: eribicic @ 2003-05-21 15:58 UTC (permalink / raw)
To: georgc, jaws, netfilter
isnt it easyer to filter ports 1214?
> The following rule has worked for me.
>
> http://www.securityfocus.com/infocus/1531
>
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Username: -j REJECT
> --reject-with tcp-reset
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Network: -j REJECT
> --reject-with tcp-reset
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-IP: -j REJECT
> --reject-with tcp-reset
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-SupernodeIP: -j -j
> REJECT --reject-with tcp-reset
>
> -----Original Message-----
> From: tracker [mailto:jaws@skyinet.net]
> Sent: Wednesday, May 21, 2003 3:20 PM
> To: netfilter@lists.netfilter.org
> Subject: how to filter kazaa
>
> Hi all,
>
> Im new to this list and iptables. I would like to know how to filter kazaa.
>
> Thanks.
>
> Jaws
>
>
>
--
Slds.
^ permalink raw reply [flat|nested] 12+ messages in thread
* RE: how to filter kazaa
@ 2003-05-21 16:08 Gladson George
0 siblings, 0 replies; 12+ messages in thread
From: Gladson George @ 2003-05-21 16:08 UTC (permalink / raw)
To: kisero, jaws, netfilter
Kazaa has the ability to run on port 80 if port 1214 is blocked.
-----Original Message-----
From: eribicic@sinectis.com [mailto:kisero@uolsinectis.com.ar]
Sent: Wednesday, May 21, 2003 11:58 AM
To: Gladson George; jaws@skyinet.net; netfilter@lists.netfilter.org
Subject: RE: how to filter kazaa
isnt it easyer to filter ports 1214?
> The following rule has worked for me.
>
> http://www.securityfocus.com/infocus/1531
>
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Username: -j REJECT
> --reject-with tcp-reset
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Network: -j REJECT
> --reject-with tcp-reset
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-IP: -j REJECT
> --reject-with tcp-reset
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-SupernodeIP: -j -j
> REJECT --reject-with tcp-reset
>
> -----Original Message-----
> From: tracker [mailto:jaws@skyinet.net]
> Sent: Wednesday, May 21, 2003 3:20 PM
> To: netfilter@lists.netfilter.org
> Subject: how to filter kazaa
>
> Hi all,
>
> Im new to this list and iptables. I would like to know how to filter kazaa.
>
> Thanks.
>
> Jaws
>
>
>
--
Slds.
^ permalink raw reply [flat|nested] 12+ messages in thread
* RE: how to filter kazaa
2003-05-21 15:58 eribicic
@ 2003-05-21 16:15 ` Patrick Ahler
2003-05-22 10:10 ` jaws
1 sibling, 0 replies; 12+ messages in thread
From: Patrick Ahler @ 2003-05-21 16:15 UTC (permalink / raw)
To: kisero; +Cc: netfilter EMAIL
The kazaa protocol was built so it is extremely difficult to block...
there's no way your going to block it by just closing off a few ports, it's
smarter than that.
-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of
eribicic@sinectis.com
Sent: Wednesday, May 21, 2003 11:58 AM
To: georgc@FARMINGDALE.EDU; jaws@skyinet.net;
netfilter@lists.netfilter.org
Subject: RE: how to filter kazaa
isnt it easyer to filter ports 1214?
> The following rule has worked for me.
>
> http://www.securityfocus.com/infocus/1531
>
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Username: -j REJECT
> --reject-with tcp-reset
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Network: -j REJECT
> --reject-with tcp-reset
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-IP: -j REJECT
> --reject-with tcp-reset
>
> $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-SupernodeIP: -j -j
> REJECT --reject-with tcp-reset
>
> -----Original Message-----
> From: tracker [mailto:jaws@skyinet.net]
> Sent: Wednesday, May 21, 2003 3:20 PM
> To: netfilter@lists.netfilter.org
> Subject: how to filter kazaa
>
> Hi all,
>
> Im new to this list and iptables. I would like to know how to filter
kazaa.
>
> Thanks.
>
> Jaws
>
>
>
--
Slds.
^ permalink raw reply [flat|nested] 12+ messages in thread
* how to filter kazaa
@ 2003-05-21 19:19 tracker
0 siblings, 0 replies; 12+ messages in thread
From: tracker @ 2003-05-21 19:19 UTC (permalink / raw)
To: netfilter
Hi all,
Im new to this list and iptables. I would like to know how to filter kazaa.
Thanks.
Jaws
^ permalink raw reply [flat|nested] 12+ messages in thread
* RE: how to filter kazaa
2003-05-21 15:58 eribicic
2003-05-21 16:15 ` Patrick Ahler
@ 2003-05-22 10:10 ` jaws
2003-05-22 11:07 ` Esteban Ribicic
1 sibling, 1 reply; 12+ messages in thread
From: jaws @ 2003-05-22 10:10 UTC (permalink / raw)
To: kisero, georgc, netfilter
but filtering port 1214 will not solve the problem coz kazza can use other
ports.
At 12:58 PM 5/21/2003 -0300, eribicic@sinectis.com wrote:
>isnt it easyer to filter ports 1214?
>
> > The following rule has worked for me.
> >
> > http://www.securityfocus.com/infocus/1531
> >
> >
> > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Username: -j REJECT
> > --reject-with tcp-reset
> >
> > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Network: -j REJECT
> > --reject-with tcp-reset
> >
> > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-IP: -j REJECT
> > --reject-with tcp-reset
> >
> > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-SupernodeIP: -j -j
> > REJECT --reject-with tcp-reset
> >
> > -----Original Message-----
> > From: tracker [mailto:jaws@skyinet.net]
> > Sent: Wednesday, May 21, 2003 3:20 PM
> > To: netfilter@lists.netfilter.org
> > Subject: how to filter kazaa
> >
> > Hi all,
> >
> > Im new to this list and iptables. I would like to know how to filter kazaa.
> >
> > Thanks.
> >
> > Jaws
> >
> >
> >
>--
>Slds.
^ permalink raw reply [flat|nested] 12+ messages in thread
* RE: how to filter kazaa
@ 2003-05-22 11:01 George Vieira
0 siblings, 0 replies; 12+ messages in thread
From: George Vieira @ 2003-05-22 11:01 UTC (permalink / raw)
To: jaws, kisero, georgc, netfilter
That's why the rules below match the protocol negotiations because it'll track the data on any port no matter which one it uses... just don't send an email with this data ... ha ha ha.. ;)
-----Original Message-----
From: jaws [mailto:jaws@skyinet.net]
Sent: Thursday, May 22, 2003 8:11 PM
To: kisero@uolsinectis.com.ar; georgc@FARMINGDALE.EDU;
netfilter@lists.netfilter.org
Subject: RE: how to filter kazaa
but filtering port 1214 will not solve the problem coz kazza can use other
ports.
At 12:58 PM 5/21/2003 -0300, eribicic@sinectis.com wrote:
>isnt it easyer to filter ports 1214?
>
> > The following rule has worked for me.
> >
> > http://www.securityfocus.com/infocus/1531
> >
> >
> > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Username: -j REJECT
> > --reject-with tcp-reset
> >
> > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Network: -j REJECT
> > --reject-with tcp-reset
> >
> > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-IP: -j REJECT
> > --reject-with tcp-reset
> >
> > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-SupernodeIP: -j -j
> > REJECT --reject-with tcp-reset
> >
> > -----Original Message-----
> > From: tracker [mailto:jaws@skyinet.net]
> > Sent: Wednesday, May 21, 2003 3:20 PM
> > To: netfilter@lists.netfilter.org
> > Subject: how to filter kazaa
> >
> > Hi all,
> >
> > Im new to this list and iptables. I would like to know how to filter kazaa.
> >
> > Thanks.
> >
> > Jaws
> >
> >
> >
>--
>Slds.
^ permalink raw reply [flat|nested] 12+ messages in thread
* RE: how to filter kazaa
2003-05-22 10:10 ` jaws
@ 2003-05-22 11:07 ` Esteban Ribicic
0 siblings, 0 replies; 12+ messages in thread
From: Esteban Ribicic @ 2003-05-22 11:07 UTC (permalink / raw)
To: jaws; +Cc: kisero, georgc, netfilter
so i could use this on the prerouting table and marks paqeuts so then
applyen them a tc filter?
in that case, you've save my life!
On Thu, 2003-05-22 at 07:10, jaws wrote:
> but filtering port 1214 will not solve the problem coz kazza can use other
> ports.
>
> At 12:58 PM 5/21/2003 -0300, eribicic@sinectis.com wrote:
> >isnt it easyer to filter ports 1214?
> >
> > > The following rule has worked for me.
> > >
> > > http://www.securityfocus.com/infocus/1531
> > >
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Username: -j REJECT
> > > --reject-with tcp-reset
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Network: -j REJECT
> > > --reject-with tcp-reset
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-IP: -j REJECT
> > > --reject-with tcp-reset
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-SupernodeIP: -j -j
> > > REJECT --reject-with tcp-reset
> > >
> > > -----Original Message-----
> > > From: tracker [mailto:jaws@skyinet.net]
> > > Sent: Wednesday, May 21, 2003 3:20 PM
> > > To: netfilter@lists.netfilter.org
> > > Subject: how to filter kazaa
> > >
> > > Hi all,
> > >
> > > Im new to this list and iptables. I would like to know how to filter kazaa.
> > >
> > > Thanks.
> > >
> > > Jaws
> > >
> > >
> > >
> >--
> >Slds.
>
>
>
>
>
--
Esteban Ribicic <eribicic@UolSinectis.com>
UOL-Sinectis - Network Operation Center
Florida 537 6to - Capital Federal - Argentina
(tel directo) 54+011-4321-9107
^ permalink raw reply [flat|nested] 12+ messages in thread
* RE: how to filter kazaa
@ 2003-05-26 1:57 Gladson George
2003-05-26 2:26 ` Bob Keyes
0 siblings, 1 reply; 12+ messages in thread
From: Gladson George @ 2003-05-26 1:57 UTC (permalink / raw)
To: Esteban Ribicic, jaws; +Cc: kisero, netfilter
If you want to use tc take a look at this link, I haven't tried it my self
but it looks promising.
-----Original Message-----
From: Esteban Ribicic [mailto:eribicic@UolSinectis.com]
Sent: Thursday, May 22, 2003 7:08 AM
To: jaws
Cc: kisero@uolsinectis.com.ar; Gladson George; netfilter@lists.netfilter.org
Subject: RE: how to filter kazaa
so i could use this on the prerouting table and marks paqeuts so then
applyen them a tc filter?
in that case, you've save my life!
On Thu, 2003-05-22 at 07:10, jaws wrote:
> but filtering port 1214 will not solve the problem coz kazza can use other
> ports.
>
> At 12:58 PM 5/21/2003 -0300, eribicic@sinectis.com wrote:
> >isnt it easyer to filter ports 1214?
> >
> > > The following rule has worked for me.
> > >
> > > http://www.securityfocus.com/infocus/1531
> > >
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Username: -j
REJECT
> > > --reject-with tcp-reset
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Network: -j
REJECT
> > > --reject-with tcp-reset
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-IP: -j REJECT
> > > --reject-with tcp-reset
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-SupernodeIP: -j
-j
> > > REJECT --reject-with tcp-reset
> > >
> > > -----Original Message-----
> > > From: tracker [mailto:jaws@skyinet.net]
> > > Sent: Wednesday, May 21, 2003 3:20 PM
> > > To: netfilter@lists.netfilter.org
> > > Subject: how to filter kazaa
> > >
> > > Hi all,
> > >
> > > Im new to this list and iptables. I would like to know how to filter
kazaa.
> > >
> > > Thanks.
> > >
> > > Jaws
> > >
> > >
> > >
> >--
> >Slds.
>
>
>
>
>
--
Esteban Ribicic <eribicic@UolSinectis.com>
UOL-Sinectis - Network Operation Center
Florida 537 6to - Capital Federal - Argentina
(tel directo) 54+011-4321-9107
^ permalink raw reply [flat|nested] 12+ messages in thread
* RE: how to filter kazaa
@ 2003-05-26 2:00 Gladson George
0 siblings, 0 replies; 12+ messages in thread
From: Gladson George @ 2003-05-26 2:00 UTC (permalink / raw)
To: Esteban Ribicic, jaws; +Cc: kisero, netfilter
If you are looking to use tc take a look at the following site. Although I
haven't tried it myself it looks promising.
http://l7-filter.sourceforge.net/
-----Original Message-----
From: Esteban Ribicic [mailto:eribicic@UolSinectis.com]
Sent: Thursday, May 22, 2003 7:08 AM
To: jaws
Cc: kisero@uolsinectis.com.ar; Gladson George; netfilter@lists.netfilter.org
Subject: RE: how to filter kazaa
so i could use this on the prerouting table and marks paqeuts so then
applyen them a tc filter?
in that case, you've save my life!
On Thu, 2003-05-22 at 07:10, jaws wrote:
> but filtering port 1214 will not solve the problem coz kazza can use other
> ports.
>
> At 12:58 PM 5/21/2003 -0300, eribicic@sinectis.com wrote:
> >isnt it easyer to filter ports 1214?
> >
> > > The following rule has worked for me.
> > >
> > > http://www.securityfocus.com/infocus/1531
> > >
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Username: -j
REJECT
> > > --reject-with tcp-reset
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-Network: -j
REJECT
> > > --reject-with tcp-reset
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-IP: -j REJECT
> > > --reject-with tcp-reset
> > >
> > > $IPTABLES -A FORWARD -p tcp -m string --string X-Kazaa-SupernodeIP: -j
-j
> > > REJECT --reject-with tcp-reset
> > >
> > > -----Original Message-----
> > > From: tracker [mailto:jaws@skyinet.net]
> > > Sent: Wednesday, May 21, 2003 3:20 PM
> > > To: netfilter@lists.netfilter.org
> > > Subject: how to filter kazaa
> > >
> > > Hi all,
> > >
> > > Im new to this list and iptables. I would like to know how to filter
kazaa.
> > >
> > > Thanks.
> > >
> > > Jaws
> > >
> > >
> > >
> >--
> >Slds.
>
>
>
>
>
--
Esteban Ribicic <eribicic@UolSinectis.com>
UOL-Sinectis - Network Operation Center
Florida 537 6to - Capital Federal - Argentina
(tel directo) 54+011-4321-9107
^ permalink raw reply [flat|nested] 12+ messages in thread
* RE: how to filter kazaa
2003-05-26 1:57 Gladson George
@ 2003-05-26 2:26 ` Bob Keyes
0 siblings, 0 replies; 12+ messages in thread
From: Bob Keyes @ 2003-05-26 2:26 UTC (permalink / raw)
Cc: netfilter
All this talk of blocking kazaa seems a bit crazy to me. Don't you think
that someone from Kazaa is reading this list? You certainly know they
could. Each time you find a way to block kazaa they can work around your
blocking. Instead of the arms race, how about a truce? How about detecting
Kazaa packets and marking them as 'high throughput', and then using a
bandwidth management algorithm to keep kazaa users happy without making
the internet unusable for the rest of us.
If you are unlucky enough to have to pay by bytes transferred, then I
might suggest that you budget usage. I am sure that the average office
worker doesn't use more than 300mb of Internet bandwidth a day, which I
voracious p2p user certainly would.
^ permalink raw reply [flat|nested] 12+ messages in thread
* RE: how to filter kazaa
@ 2003-05-26 4:21 Gladson George
0 siblings, 0 replies; 12+ messages in thread
From: Gladson George @ 2003-05-26 4:21 UTC (permalink / raw)
To: Bob Keyes; +Cc: netfilter
Recording Industry Association of America (RIAA) is going after
Universities for allowing the students to use p2p (kazaa) application to
illegally transfer music and videos of artists they represent. At the moment
there two schools that have been hit with a lawsuit.
The only ways I know to block kazaa are:
- Cisco's Protocol Filtering software which runs on their 7000 series
routers. $$$$$
- PacketTear which cost around $12,000 dollars
- Iptables- Costing only the pc.
Discussions on various message boards regarding blocking kazaa has
helped me block kazaa at the university I currently work at an save the
department the headache the going through a lawsuit. Before blocking kazaa
we received at least 3-5 e-mail from riaa and mediaforce starting
XXX.XXX.XXX.XXX IP has be illegal sharing copyrighted media.
These discussions have helped me and I am sure it has helped other
network admin's that faced similar situation.
-----Original Message-----
From: Bob Keyes [mailto:bob@sinister.com]
Sent: Sunday, May 25, 2003 10:26 PM
Cc: netfilter@lists.netfilter.org
Subject: RE: how to filter kazaa
All this talk of blocking kazaa seems a bit crazy to me. Don't you think
that someone from Kazaa is reading this list? You certainly know they
could. Each time you find a way to block kazaa they can work around your
blocking. Instead of the arms race, how about a truce? How about detecting
Kazaa packets and marking them as 'high throughput', and then using a
bandwidth management algorithm to keep kazaa users happy without making
the internet unusable for the rest of us.
If you are unlucky enough to have to pay by bytes transferred, then I
might suggest that you budget usage. I am sure that the average office
worker doesn't use more than 300mb of Internet bandwidth a day, which I
voracious p2p user certainly would.
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2003-05-26 4:21 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-05-21 19:19 how to filter kazaa tracker
-- strict thread matches above, loose matches on Subject: below --
2003-05-26 4:21 Gladson George
2003-05-26 2:00 Gladson George
2003-05-26 1:57 Gladson George
2003-05-26 2:26 ` Bob Keyes
2003-05-22 11:01 George Vieira
2003-05-21 16:08 Gladson George
2003-05-21 15:58 eribicic
2003-05-21 16:15 ` Patrick Ahler
2003-05-22 10:10 ` jaws
2003-05-22 11:07 ` Esteban Ribicic
2003-05-21 15:15 Gladson George
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.