Wednesday, January 5, 2011

How to block Kazaa and other network sharing programs

To block Kazaa under NG AI, proceed as follows:

Open the SmartDefense window.

Application Intelligence / Web / HTTP Protocol Inspection / Peer to Peer

You will see the list of applications. Check the ones you want to block, and check Peer to Peer.

In HTTP Protocol Inspection, select the option that applies the configuration to all connections.



If you want to know more about Kazaa, or you run a version earlier than NG AI:



Initial configuration of Kazaa version 1
Kazaa is only one of a whole culture of peer-to-peer file-sharing networks/programs: Gnutella, eDonkey, BearShare, etc., ad infinitum.

Kazaa version 2 uses dynamic ports

How to block it on a firewall
Block them by port number. This doesn't scale well, and fails completely with the ones that search for unblocked port numbers to use. (While to you a firewall should be a "policy enforcement device", to your users and the authors of these applications it's just an obstacle to be surmounted.)
If a client uses an HTTP port program like KazaaHTTP, you have very few options, as it will tunnel the Kazaa traffic over HTTP from the client's desktop. If you have a novice user base, simply blocking port 1214 should suffice.
If you are using Check Point NG, FP3 is supposed to include the additional content filtering needed to block applications like Kazaa.
If you are blocking port 1214, you also have to block all outgoing SOCKS traffic, because the Kazaa client supports SOCKS proxies and there are plenty of free SOCKS proxies available. Second, if you are blocking SOCKS, you also have to block all outgoing HTTP/HTTPS traffic, because SOCKS traffic can be tunneled over HTTP/HTTPS with tools like httport.


How to block it on a Cisco router
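! Denies TCP to destination port 1214 only; list 101 still needs its permit entries, since an ACL ends with an implicit deny
access-list 101 deny   tcp any any eq 1214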

What measures you should take
Add a content-filtering solution to your border security. This is about the only way you're going to block stuff that piggy-backs on well-known service ports (80, 25, etc.) in order to circumvent firewalls.
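The difference between the port rule and a content rule, as an added example that is not part of the original post: both policies are run over constructed HTTP requests. The `X-Kazaa-*` header and `KazaaClient` user-agent markers are assumptions taken from public IDS signatures of the period, and all function names and sample flows are hypothetical.

```python
import re

KAZAA_DEFAULT_PORT = 1214  # the port blocked by the router ACL on this page

# Assumption: markers of classic Kazaa HTTP transfers as matched by public
# IDS signatures of that era; they are not taken from the original post.
KAZAA_MARKERS = re.compile(
    rb"^(?:x-kazaa-[a-z]+:|user-?agent:[ \t]*kazaaclient)", re.I | re.M
)

def port_rule(dst_port, payload):
    """Port-only policy: all a simple ACL can see is the destination port."""
    return dst_port == KAZAA_DEFAULT_PORT

def content_rule(dst_port, payload):
    """Content policy: inspect the HTTP request head, whatever the port."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    return bool(KAZAA_MARKERS.search(head))

# Constructed sample flows: (source host, destination port, first payload bytes)
SAMPLE_FLOWS = [
    ("10.0.0.5", 1214, b"GET /file HTTP/1.1\r\nHost: 192.0.2.10:1214\r\n"
                       b"UserAgent: KazaaClient\r\nX-Kazaa-Username: a\r\n\r\n"),
    ("10.0.0.6", 80,   b"GET /file HTTP/1.1\r\nHost: 192.0.2.11\r\n"
                       b"X-Kazaa-Username: b\r\nX-Kazaa-Network: KaZaA\r\n\r\n"),
    ("10.0.0.7", 80,   b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
                       b"User-Agent: Mozilla/5.0\r\n\r\n"),
    ("10.0.0.8", 1214, b"\x16\x03\x01\x00\x05hello"),  # unrelated service on 1214
]

def missed_by_port_rule(flows):
    """Hosts whose traffic carries Kazaa markers but slips past the port block."""
    return [src for src, port, data in flows
            if content_rule(port, data) and not port_rule(port, data)]

def overblocked_by_port_rule(flows):
    """Hosts blocked on port number alone with no Kazaa content in the flow."""
    return [src for src, port, data in flows
            if port_rule(port, data) and not content_rule(port, data)]

if __name__ == "__main__":
    print("missed by port rule:     ", missed_by_port_rule(SAMPLE_FLOWS))
    print("over-blocked by port rule:", overblocked_by_port_rule(SAMPLE_FLOWS))
```

A content rule like this only sees cleartext HTTP; traffic tunneled over HTTPS is opaque to it and has to be handled by policy on the tunnel itself.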



What you should also know about Kazaa

Unfortunately when you install KaZaa you also get at least one virus installed on your computer. I call it a virus because by most descriptions I've seen of the term, TopText qualifies as a virus. You don't ask for it. It takes control of your browser and makes changes to everything you read on the Internet.

TopText operates with a browser to highlight words on every web page, inserting a yellow background behind keywords that have been purchased through their media sales company eZula, Inc. If a web user clicks on one of those yellow highlighted words on a web page, the user is whisked away to the site of the company paying the most that day for each click-through. If a user whose browser is infected with TopText visits your web site, they will be offered links to competitors' web sites for every keyword they find on your site for which they have a buyer.

This is not much, if any, different from the Smart Tags system that Microsoft announced for their Windows XP browser. Media and webmaster pressure and outrage caused Microsoft to cancel, for now, their release of that feature.
