Blocking Kazaa 2.0?
coder_ asks: "Has anyone had success blocking the latest versions of this annoying P2P application in a network-wide context? Previously, people have been told to block a specific port, etc, yet as expected, Kazaa has found an easy solution to this. Apparently, when a connection via default port is not available, Kazaa makes encrypted http requests through port 80, making it rather difficult to now block. If anyone has had success in doing so, I would love to hear from you."
Just block all connections to the authorisation/logon server. Problem solved?
Free Java games for your phone: Tontie, Sokoban
Fuck off. You have no right blocking and filtering traffic for a certain application.
P2P forever!
Let's hope ALL P2P and other applications begin tunneling and encrypting via HTTP to make filtering impossible.
The way it SHOULD BE(tm).
You can tell how powerful someone is by the magnitude of the crime they can commit and be able to get away with.
If you're adminning a corporate environment where the only things that the employees should have access to is email and browsing, you could cap their bandwidth. If you're at a school, you might want to try blocking access to the login websites (there's a username/pass system in KaZaA, right?), and forget the bandwidth cap entirely, since students may want to download monster .iso files or something.
Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
If you work for an ISP or are a corporate lapdog for big media, STFUB. It won't work and you'll only piss off your paying customers who'll jump to your competitors. Your company will nosedive into the ground - and I'll laugh.
If you are in a corporate or educational environment (and internet bandwidth is supposed to be a productive asset) - there are no precise technical solutions that you can use given the variety of transport options and changing protocols. A few options:
(1) Train your users not to use disallowed software, pointing out bandwidth problems. Then threaten, make the consequences clear (see if it improves). Then take action if bandwidth usage is still bad and start temporarily suspending accounts a day at a time - although double-check they aren't using bandwidth for legitimate purposes first.
(2) Throttle bandwidth based on average usage over the past hour or so with walking averages. I'm sure this would be easy to set up with a software firewall. After a long leeching session, see how they enjoy the internet at 1 kbit/s.
Just upgrade your packeteer packetshaper to version 5.3.0. This image has new code to specifically handle KaZaA 2.0.
That said, there are *plenty* of approaches to the problem of killing KaZaA (and KaZaA Lite), but they rather depend on the network infrastructure. You certainly need to filter the standard ports used by the program, and forcing all port 80 traffic through a filtering proxy server may be of use. Also, P2P in general seems to need a fair amount of UDP traffic - depending on your setup it might be possible to restrict that to just those ports you require.
UNIX? They're not even circumcised! Savages!
There's not much reason for most people to have any other net access than Web via proxy.
If you've got every box in the company NATd then you are being hoisted by your own petard really.
Giving Lusers software installation rights on terminals may save you some annoying "but I need MSN" bullshit but when they cram Bonzi Buddy and whatever other crap they can find in there you are risking your network and pushing your support costs up.
I'd rather be seen as some sort of network nazi than have to try and use ssh into a remote site at 1 second per character. I found who was running Napster and since that day I'm the annoying guy that curtails people's "rights" and "freedoms".
If you want a compromise let one machine be a p2p client. You can get Gnutella clients with a web front end so anyone on the LAN can submit queries on the same box and then throttle that box's bandwidth during working hours & let it roam free when the bandwidth is underutilized.
If people kick up a fuss, sack them.
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
Three suggestions:
NOTE: I am not a SysAdmin, but these options are from a layman's POV.
It seems like the nature of peer-to-peer can be exploited here. Does the protocol Kazaa uses provide some way to locate hosts on its networks? From there you could just grep for IPs that belong to you and trace from there to a physical computer.
From there, all you need is a good application of some LART to the user of said p2p software, preferably in the form of disciplinary (read: vigilante) action.
Of course, everyone will probably think you're an asshole. This is best mitigated by having an official policy behind you. That, or you can just LART everyone into submission.
clue not required this end
web services are being built on HTTP *because* of proxies.
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
I just set up a NAT box for a room full of students with their own laptops. I can't control the software on them, but I can control the network. I let through webproxy and ssh ports, which is all they can really ask for in order to do their work.
But the traffic is large and constant. Are they streaming radio, Kazaa'ing? I don't know. But they do want IMAP access to mailservers - doing SSH to a unix box and running 'pine' isn't enough for them - they want clicky clicky. So here's the deal. If that constant traffic goes, and it just looks like you are browsing, I'll enable IMAP access. Streaming traffic disappears.
All I need do is keep an eye on the packet counts. And save a stick for later - they're bound to want to use our printers at thesis-delivery time...
If you're in a corporate environment, get management to lay down an internet usage policy. Fire people who break it. They did that at one place I was working and the network traffic dropped by 75% in about 2 days. Fired 6 people, for playing online games and using P2P nets. With management on your side, fear is a strong weapon.
"I kill you! You no good 56'ing!"
write a decent AUP, periodically scan for mp3s and *bitchslap* anyone who breaks them.
Fear, uncertainty and doubt will cut its usage.
One person or team has to take responsibility of software installations, otherwise you are wide open to virus, trojans and to have not copyrighted software installed without your knowledge.
IANAL but write like a drunk one.
I'd guess KaZaA's "HTTP" traffic would be easily distinguishable from other HTTP traffic. E.g. Hogwash can "drop or modify specific packets based on a signature match".
Don't block the port; rate limit it.
It's much easier to contain things like this with management than with technical means. I find that simply having a "talk" with users that break such policies takes care of the problem. Give them that "big brother is watching you" feeling and 99% of your problems will be taken care of.
Keep Austin Weird!
First of all: I understand why you want to block it.
However, I believe that for each measure there will be a counter-measure and at some point it actually hurts either productivity or freedom of users. Well, while 'freedom' is not necessarily what the users should have in a computing environment, it may hinder creativity in the sense that each time somebody has some free time and likes to try some crazy idea he has to ask for permission, and will most likely be discouraged from tampering with the system.
Depending on how serious the problem is, I would try arguing with people, asking for integrity and common sense instead of imposing rules. If the problem is serious, however, go ahead and block everything which is not on the 'positive' list. To stop unwanted traffic, allow only high volume traffic to a list of 'allowed' ip addresses.
If traffic exceeds the allowed amount, you can make your proxy return a polite message instead of the wanted content.
Do you have an IDS system? I know our Real Secure network sensor will pick up almost all P2P apps. I just shut down a user running one.
A lot of posters are suggesting allowing Kazaa on the author's network, but ratelimiting it. This question is really to you. Have you received complaints from the DMCA 'police' yet? If so, how have you responded--if at all--to the complaint?
:(
/pointer
Typically, I've heard of ISPs sending notices to customers asking them to remove the offending material. If the customer continues to download/share copyrighted material most ISPs will terminate the customer's account. If the bandwidth isn't an issue and the customer's business is valuable, it would make more sense to block Kazaa (for that customer; if you can't get them to stop sharing copyrighted content).
I did some googling in mid-November of last year and came across some interesting usenet posts relating to the topic. One poster went through all the normal ports that Kazaa used and blocked each one. Then s/he noticed that it used port 80. Later I ran into some docs where someone was using iptables (there was a post on one of the snort mailing lists about this as well) to block Kazaa traffic using '-m' and the 'X-Kazaa' header that it uses. I haven't had time to play with this though.
Good luck and please let us know what you find.
[%- PROCESS life -%]
There's (sadly) not an easy way to do this with most OSS tools or a way to do this on (most) routers.
The hard way: you could do it with a firewall, policy based routing or a L4 switch, and a transparent web proxy, but setup would be a bitch and if you are an ISP, you're going to have a lot of other headaches with a web proxy other than kazaa 2.
The easiest way to successfully bandwidth-limit or block kazaa 2 clients as far as I have seen is by using one of the commercial traffic shaping hardware or software solutions that have the capability of looking at stuff higher than L4. packeteer, et/bwmgr for linux or freebsd, etc. are software tools that do this, and there is hardware such as L7 switches that can accomplish similar feats also.
I haven't looked in a while at the new/upcoming Linux and BSD OS's ip matching rules. It's possible that there are now enough matchers to successfully block or bandwidth kazaa 2 on them, so it may still be worth investigating in lieu of paying big bucks for shaper hardware/software.
~GoRK
1) Block Kazaa port
2) Watch for Kazaa connection switching to port 80
3) Sue under DMCA for circumventing your protection
~~~~~~~
"You are not remembered for doing what is expected of you." - Atul Chitnis
why not just modify your hosts file so they can't even go to the Kazaa server in the first place,
Kazaa Lite is much better anyway, popup ads are bad manners
Just use a transparent HTTP proxy. Only normal, unencrypted connections on port 80 will be handled. Others just stop dead.
:-)
Of course, this is yet another stopgap solution, just like blocking the original port. When Kazaa 3 or whatever moves to 443, you're going to be pretty much SOL. That's just the way the Internet works. Information tends to move around.
That's kind of too bad -- I'd love nothing more than to see Kazaa, the last of the major closed P2P protocols, go belly-up. I'm definitely rooting for the RIAA/MPAA on this one. Once it dies, people will be using open protocols.
My attitude is pretty much that you're better off throttling the bajeezus out of their traffic -- they exceed a quota, you clamp down on their rate. Trying to *block* something simply makes people try more solutions until they get around it, whereas data trickling in or out will usually keep them happy enough not to cause too many problems. The human side of things kind of has to be considered here.
I'd also like to say that I really loathe transparent proxies (nothing wrong with opaque proxies -- I run one myself -- but *forcing* the user to do something just causes problems). I also hate people that firewall *anything* outgoing, and most things incoming. Causes lots of pain to the user, and not a lot of long term benefit. Eventually, everything except 80 outbound and 443 outbound are going to be firewalled. Then everything will end up using SOAP or tunneling over 443 to communicate just to get by. As a result, in a few years the Internet will be slower and less reliable, and security and ability to "control" what users do will be less there.
My interests and work tend to lie in security, and I *still* think that most security-oriented admins have their heads up their asses. What's needed is a *good* fix, not a slapdash thing like firewalling off a port or two. Kazaa uses too much bandwidth? Provide an alternative that costs you less (a la the school that wanted to reduce P2P bandwidth -- they made a P2P filesharing app that only talked to other machines on the school network). Trying to perfectly control human behavior hasn't been practical since the dawn of time, and the introduction of the computer isn't going to make it suddenly feasible.
May we never see th
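The throttling approach raised twice in this thread (a walking average over the past hour, then clamping any host that exceeds a quota), sketched as an added example that is not code from any poster. The 256 kbit/s threshold, the 10 Mbit/s full rate and the host addresses are assumptions; 1 kbit/s is the clamp rate mentioned earlier in the thread.

```python
from collections import deque


class WalkingAverageThrottle:
    """Per-host sliding window of transferred bytes; heavy hosts get a clamped rate."""

    def __init__(self, window_s=3600, limit_bps=256_000,
                 clamp_bps=1_000, full_bps=10_000_000):
        self.window_s = window_s      # averaging window ("the past hour or so")
        self.limit_bps = limit_bps    # assumed quota, as an average bit rate
        self.clamp_bps = clamp_bps    # rate handed to hosts over quota
        self.full_bps = full_bps      # assumed normal rate
        self.samples = {}             # host -> deque of (timestamp, bytes)
        self.totals = {}              # host -> bytes currently inside the window

    def record(self, host, ts, nbytes):
        """Account nbytes transferred by host at time ts (seconds)."""
        self.samples.setdefault(host, deque()).append((ts, nbytes))
        self.totals[host] = self.totals.get(host, 0) + nbytes
        self._expire(host, ts)

    def _expire(self, host, now):
        """Drop samples that have slid out of the window."""
        q = self.samples.get(host)
        while q and q[0][0] <= now - self.window_s:
            _, nbytes = q.popleft()
            self.totals[host] -= nbytes

    def average_bps(self, host, now):
        self._expire(host, now)
        return self.totals.get(host, 0) * 8 / self.window_s

    def allowed_bps(self, host, now):
        """Rate to program into the shaper for this host right now."""
        over = self.average_bps(host, now) > self.limit_bps
        return self.clamp_bps if over else self.full_bps


def demo():
    """Constructed traffic: one host pulls 700 MB in ten minutes, one just browses."""
    t = WalkingAverageThrottle()
    for ts in range(0, 600, 60):
        t.record("10.0.0.5", ts, 70_000_000)
    t.record("10.0.0.9", 300, 5_000_000)
    return {
        "heavy_at_10min": t.allowed_bps("10.0.0.5", 600),
        "light_at_10min": t.allowed_bps("10.0.0.9", 600),
        "heavy_after_61min": t.allowed_bps("10.0.0.5", 3700),
        "heavy_after_window": t.allowed_bps("10.0.0.5", 4141),
    }
```

Because the clamp is driven by the average rather than by a port or protocol, it keeps working when the application moves to port 80 or 443, and the host recovers on its own once the window slides past the heavy transfer.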
Wow, everyone's ignoring the simplest solution...
Uninstall KaZaA from the computers, then block kazaa.com (and the other major filesharing program sites). That'll stop the vast majority of users from reinstalling it.
If you have the ability to shape traffic based on application, then surely you have the ability to log those packets. If they can be traced back to the user, then I say log them and send the user a bill at the end of the month for the bandwidth they're eating.
As someone has already stated, the blocking/counter-blocking cycle can go on forever, so the only real way to solve the problem is through social engineering. For that, there's nothing quite as effective as hitting them where it hurts: right in the wallet!
I don't know if that's a viable solution in your particular situation or not, but that's certainly the angle I would be pursuing in your situation. It may simply be enough to add such a clause in your AUP and make sure everyone is advised of it, but in most situations it's helpful to make an example or two (per year, if you're at a school).
Under capitalism man exploits man. Under communism it's the other way around.
This is the "Blocking KaZaA" thread. You want "Stupid Security" further up the page.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
not security
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
This is what we did at my workplace. We created a couple of "secret" shares on a server, and everyone dumps their pr0n & mp3s into the same repository.
This cuts the duplicate files coming in on Kazaa. Sounds silly but it works.
The reason we don't mind Kazaa is we pay for 3Gb/month, what we don't use is lost so we pull in what we can at the end of the month.
Get yourself a new hosts file, or update your DNS if you are responsible for one:
NB: Updated hosts files are available on Kaz itself!
I tried to post it below but the fsckin lameness filter squishes it!
You are a stupid troll. I didn't say they said "music sharing" was legal, I said they basically said it was okay for the "fans" to do it. I can't find the specific article, but this one talks around it. In the article, their lawyer says: "But I don't think Metallica is going to sue fans, period, unless there's been wholesale infringement."
In the article I was looking for, someone from the RIAA said they didn't want to prosecute any "fans", but go after universities (for merely providing internet access!) and Napster. It's apparently much older, because it was before Metallica even sent names to Napster. (and just getting people banned from one service doesn't do much to stop the illegal activity.)
If they really wanted the blatant copyright infringement to stop, they could've sent letters threatening to sue. It worked for Verison when they did it to webmasters of Star Trek fan web sites. The RIAA's inaction against the people actually doing the crime has led to such myths that it is "fair use" to copy entire CDs and movies over the internet without permission as long as one doesn't profit. Plus many of the people who know it's illegal don't care because they think no one will try to punish them.
The backhanded methods of DMCA complaints, suing service providers, distributing trojaned CDs, flooding the networks with crap, &etc have just made the problems worse. Many people don't respect them or their copyrights anymore. If they would have acted reasonably and appropriately, some people would have probably even helped by reporting infringers. Even if they started suing and prosecuting those who are actually doing the infringing, they won't do much good, and they'll have an uphill battle.
Most of those service providers they sued or tried to sue didn't even do anything wrong. Just think if this mess happened ten or twenty years ago. We wouldn't have HTTP, FTP, email, or any other networking protocols, (or probably even hard drives / CD burners) because they may potentially be used to infringe copyrights.
They were arrested? Where was that story? The one I read said they were kicked out of school, and it was very recent. See above why it isn't effective at this point. Most people who read it probably didn't care--even if they were hardcore Napster users hosting Metallica songs.
For a while the same could be said about HTTP. You are using that protocol to download the pages off this site. Do you think we should make the web illegal too?
What's wrong with porn? Maybe in Taliban infested areas they'll arrest you or kill you for possessing it, but I see nothing wrong with it, and in areas the Taliban is weak, it is perfectly legal.
Just use a floppy to install.
What needs to be done is lock down via policies to prevent users from running anything that isn't on 'the list'..
Instant solution for a business that has a NT Domain or AD network...
---- Booth was a patriot ----
Yay man, have you ever heard about newsgroups archives? Or did you try to search a bit before asking /.?
The solution was invented a while ago. Just block/trafshape any packets with X-Kazaa string. Like that:
iptables -t mangle -I FORWARD 1 -i eth0 -m recent --update --seconds 60 --rdest --name kazaa -j kazza-out
iptables -t mangle -I FORWARD 2 -i eth1 -m recent --update --seconds 60 --rsource --name kazaa
iptables -t mangle -I FORWARD 3 -i eth1 -m string --string "X-Kazaa" -m recent --name kazaa --set --rsource
iptables -t mangle -I FORWARD 4 -o eth1 -m string --string "X-Kazaa" -m recent --name kazaa --set --rdest -j kazza-out
(You may want to change "Kazaa" into mixed-case version. But you KNOW that. You have analyzed Kazaa packets, you know what Kazaa's headers look like. You are a netadmin, aren't you?)
:wq
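What the rule set in the post above does, modelled in Python as an added example that is not part of the original post: a payload match on "X-Kazaa" flags the LAN host, and the `recent` list keeps that host in the shaping class for 60 seconds after its last packet. It also compares a raw case-sensitive substring match with matching on parsed header lines; the header names past the "X-Kazaa" prefix, the addresses and the payloads are constructed.

```python
import re

WINDOW = 60  # seconds, mirrors "--seconds 60" in the rules above

# A header *line* whose name starts with "X-Kazaa", in any letter case.
KAZAA_HEADER = re.compile(rb"^x-kazaa[\w-]*:", re.IGNORECASE | re.MULTILINE)

def raw_substring_match(payload: bytes) -> bool:
    """What a case-sensitive byte-string match sees: the text anywhere in the packet."""
    return b"X-Kazaa" in payload

def has_kazaa_header(payload: bytes) -> bool:
    """Look only at the HTTP header section, i.e. everything before the blank line."""
    head, _, _body = payload.partition(b"\r\n\r\n")
    return KAZAA_HEADER.search(head) is not None

class RecentTable:
    """Model of the `recent` match: last time each LAN host was flagged or seen."""

    def __init__(self, window: int = WINDOW):
        self.window = window
        self.last_seen = {}

    def set(self, host: str, now: float) -> None:
        self.last_seen[host] = now

    def update(self, host: str, now: float) -> bool:
        """Match if the host was seen within the window; a match refreshes the timer."""
        seen = self.last_seen.get(host)
        if seen is None or now - seen > self.window:
            return False
        self.last_seen[host] = now
        return True

def classify(packets, window: int = WINDOW):
    """Return (time, host, verdict) per packet; verdict is 'shape' or 'pass'."""
    table = RecentTable(window)
    verdicts = []
    for ts, host, payload in packets:
        if has_kazaa_header(payload):
            table.set(host, ts)
            hit = True
        else:
            hit = table.update(host, ts)
        verdicts.append((ts, host, "shape" if hit else "pass"))
    return verdicts

# Constructed sample traffic: (seconds, LAN host, payload). Header names past the
# "X-Kazaa" prefix and all values are made up for the example.
P2P = b"GET /file HTTP/1.1\r\nHost: 192.0.2.7\r\nx-kazaa-username: someone\r\n\r\n"
FORUM = b"POST /post HTTP/1.1\r\nHost: example.test\r\n\r\nX-Kazaa-Username: is the header"
OTHER = b"\x17\x03\x01 opaque follow-up bytes"
SAMPLE = [
    (0, "10.0.0.5", P2P), (5, "10.0.0.9", FORUM), (30, "10.0.0.5", OTHER),
    (80, "10.0.0.5", OTHER), (200, "10.0.0.5", OTHER),
]
```

On the sample, the raw substring match misses the lowercase header and flags the forum post whose body merely mentions it; the header-aware match gets both right. Current iptables releases also require an `--algo bm` or `--algo kmp` option on the `string` match.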
You could go the MSN/AOL install disk route and create a monitor/connectiod proggy that watches for P2P app installs and blocks them and auto updates from your servers during their session. Not cheap, but damn hard to beat and easier to fix if they do (spyware WILL have its day!)
... lead to BSA audits.
Make a transparent proxy for all outgoing port 80 traffic. Only allow it to forward valid http requests (not encrypted over port 80. By default http doesn't support encryption with the exception of www-authentication). This would block that port 80 connection. Second find out which servers it is connecting to and block them. Third block all its standard ports.
Believe me, if I started murdering people, there would be none of you left.
1) Block Kazaa port ...
2) Watch for Kazaa connection switching to port 80
3) Sue under DMCA for circumventing your protection
4)
5) PROFIT!!!