Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blocking Kazaa 2.0?

Posted by Cliff on from the for-when-it-becomes-a-nuisance dept.

coder_ asks: "Has anyone had success blocking the latest versions of this annoying P2P application in a network-wide context? Previously, people have been told to block a specific port, etc, yet as expected, Kazaa has found an easy solution to this. Apparently, when a connection via default port is not available, Kazaa makes encrypted http requests through port 80, making it rather difficult to now block. If anyone has had success in doing so, I would love to hear from you."

7 of 86 comments (clear)

  1. What's it connecting to? by tunah · · Score: 4, Insightful

    Just block all connections to the authorisation/logon server. Problem solved?

    --
    Free Java games for your phone: Tontie, Sokoban
  2. Depends on the situation by GreyWolf3000 · · Score: 4, Insightful

    If you're adminning a corporate environment where the only things that the employees should have access to is email and browsing, you could cap their bandwidth. If you're at a school, you might want to try blocking access to the login websites (there's a username/pass system in KaZaA, right?), and forget the bandwidth cap entirely, since students may want to download monster .iso files or something.

    --
    Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
  3. Why not just use Web proxies by DrSkwid · · Score: 4, Insightful

    There's not much reason for most people to have any other net access than Web via proxy.

    If you've got every box in the company NATd then you are being hoisted by your own petard really.

    Giving Lusers software installation rights on terminals may save you some annoying "but I need MSN" bullshit but when they cram Bonzi Buddy and whatever other crap they can find in there you are risking your network and pushing your support costs up.

    I'd rather be seen as some sort of network nazi than have to try and use ssh into a remote site at 1 second per character. I found who was running Napster and since that day I'm the annoying guy that curtails people's "rights" and "freedoms".

    If you want a compromise let one machine be a p2p client. You can get Gnutella clients with a web front end so anyone on the LAN can submit queries on the same box and then throttle that box's bandwith during working hours & let it roam free when the bandwith is underutilized.

    If people kick up a fuss, sack them.

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    1. Re:Why not just use Web proxies by moncyb · · Score: 2, Insightful

      Opensource and freeware can be easily obtained from web pages.

      Yeah, web pages often paid by the author. Web pages where the auther has to pay bandwidth fees. Web pages whose bandwidth may be saturated to the max. Sure, there are organizations which are willing to host software for free (like SourceForge), but for various reasons some authors may not want (or be able) to host their site at such places. Not to mention, I'm sure VA pays a lot of money for bandwith and administration of SourceForge--as do other sites.

      P2P systems allow the users to help share the costs of bandwidth, and if the scumbags hadn't sued every maker of communications software called "P2P" or "file sharing", we'd probably have a P2P CVS type system too, among other things. And the reason "nobody is using Kazaa for legitimate purposes" is because the RIAA basicly said it was okay for "the fans" to "trade" music--they just demonized the people who made any sort of file sharing software. Though I doubt every user of Kazaa is using it for illegitimate purposes. I'm sure you'd say the same thing about Napster, but I know the band Betty's Trash was using it to publish their music. Unless you think it should be illegal for an independent band to publish their music.

      Also, I would be concerned that a P2P app like Kazaa would "hijack" important ports.

      I assume you mean it would use up all the bandwith and use ports in such a way as to not allow blocking it. Yeah, that's a problem. People shouldn't use up bandwith they're not entitled to.

  4. IM can use proxies by DrSkwid · · Score: 2, Insightful

    clue not required this end

    web services are being built on HTTP *because* of proxies.

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  5. Err...this is a pretty easy one by 0x0d0a · · Score: 2, Insightful

    Just use a transparent HTTP proxy. Only normal, unencrypted connections on port 80 will be handled. Others just stop dead.

    Of course, this is yet another stopgap solution, just like blocking the original port. When Kazaa 3 or whatever moves to 443, you're going to be pretty much SOL. That's just the way the Internet works. Information tends to move around.

    That's kind of too bad -- I'd love nothing more than to see Kazaa, the last of the major closed P2P protocols, go belly-up. I'm definitely rooting for the RIAA/MPAA on this one. Once it dies, people will be using open protocols. :-)

    My attitude is pretty much that you're better off throttling the bajeezus out of their traffic -- they exceed a quota, you clamp down on their rate. Trying to *block* something simply makes people try more solutions until they get around it, whereas data trickling in or out will usually keep them happy enough not to cause too many problems. The human side of things kind of has to be considered here.

    I'd also like to say that I really loathe transparent proxies (nothing wrong with opaque proxies -- I run one myself -- but *forcing* the user to do something just causes problems). I also hate people that firewall *anything* outgoing, and most things incoming. Causes lots of pain to the user, and not a lot of long term benefit. Eventually, everything except 80 outbound and 443 outbound are going to be firewalled. Then everything will end up using SOAP or tunneling over 443 to communicate just to get by. As a result, in a few years the Internet will be slower and less reliable, and security and ability to "control" what users do will be less there.

    My interests and work tend to lie in security, and I *still* think that most security-oriented admins have their heads up their asses. What's needed is a *good* fix, not a slapdash thing like firewalling off a port or two. Kazaa uses too much bandwidth? Provide an alternative that costs you less (a la the school that wanted to reduce P2P bandwidth -- they made a P2P filesharing app that only talked to other machines on the school network). Trying to perfectly control human behavior hasn't been practical since the dawn of time, and the introduction of the computer isn't going to make it suddenly feasible.

    --
    May we never see th
  6. Re:ideas... by toast0 · · Score: 2, Insightful

    blocking kazaa or the file trading program of the day doesn't equal removing the copyrighted media, does it?

    --
    Need a Catering Connection