Blocking Kazaa 2.0?

coder_ asks: "Has anyone had success blocking the latest versions of this annoying P2P application in a network-wide context? Previously, people have been told to block a specific port, etc, yet as expected, Kazaa has found an easy solution to this. Apparently, when a connection via default port is not available, Kazaa makes encrypted http requests through port 80, making it rather difficult to now block. If anyone has had success in doing so, I would love to hear from you."

Packeteer

[gatorade123]

Just upgrade you packeteer packetshaper to version 5.3.0. This image has new code to specifically handle KaZaA 2.0.

More information needed

[Zocalo]

Could you possibly be more general? Seriously, you are going to need to give people a better idea of your network setup unless you only want general answers on this, most of which will be moot in you environment.

That said, there are *plenty* of approaches to the problem of killing KaZaA (and KaZaA Lite), but they rather depend on the network infrastructure. You certainly need to filter the standard ports used by the program, and forcing all port 80 traffic through a filtering proxy server nay be of use. Also, P2P in general seems to need a fair amount of UDP traffic - depending on your setup it might be possible to restrict that to just those ports you require.

Education

[FungiSpunk]

If your in a corporate environment, get management to lay down an internet usage policy. Fire people who break it. They did that at one place I was working and the network traffic dropped by 75% in about 2 days. Fired 6 people, for playing online games and using P2P nets. With management on your side, fear is a strong weapon.

Commercial Shaper

[GoRK]

There's (sadly) not an easy way to do this with most OSS tools or a way to do this on (most) routers.

The hard way: you could do it with a firewall, policy based routing or a L4 switch, and a transparent web proxy, but setup would be a bitch and if you are an ISP, you're going to have a lot of other headaches with a web proxy other than kazaa 2.

The easiest way to successfully bandwidth-limit or block kazaa 2 clients as far as I have seen is by using one of the commercial traffic shaping hardware or software solutions that have the capability of looking at stuff higher than L4. packeteer, et/bwmgr for linux or freebsd, etc. are software tools that do this, and there is hardware such as L7 switches that can accomplish similar feats also.

I haven't looked in a while at the new/upcoming Linux and BSD OS's ip matching rules. It's possible that there is now enough matchers to successfully block or bandwidth kazaa 2 on them, so it may still be worth investigating in lieu of paying big bucks for shaper hardware/software.

~GoRK

Re:What's it connecting to?

[miruku]

kazaa users can set themselves up as 'supernodes', so they'd have a lot of ip's to block

Solution - inspect packets with Linux

[zdzichu]

Yay man, hve you ever heard about newsgroups archives? Or did you try to search a bit before asking /.?


Solution was invented while ago. Just block/trafshape any packets with X-Kazaa string. Like that:

iptables -t mangle -I FORWARD 1 -i eth0 -m recent --update --seconds 60 --rdest --name kazaa -j kazza-out
iptables -t mangle -I FORWARD 2 -i eth1 -m recent --update --seconds 60 --rsource --name kazaa
iptables -t mangle -I FORWARD 3 -i eth1 -m string --string "X-Kazaa" -m recent --name kazaa --set --rsource
iptables -t mangle -I FORWARD 4 -o eth1 -m string --string "X-Kazaa" -m recent --name kazaa --set --rdest -j kazza-out

(You may want to change "Kazaa" into mixed-case version. But you KNOW that. You have analized Kazaa packets, you know how kazaa's headers look like. You are netadmin, don't you?)