Josef.Fuchs@leykam.com wrote:
Hi, Security List Subscribers.
Can somebody tell me if it's possible to block all Kazaa communication at my SuSE Firewall-Box?
I'm running an IPTABLES script based on the SuSE Firewall Script.

As others mentioned before, it's not possible to block p2p software or any other software from connecting to the outside without blocking all. Much software now ships add-ons or features to walk through every possible firewall (using the proxy with HTTP CONNECT to port 443 to build a complete tunnel to the outside, etc.). Every time you open such a hole it can be used by some software.

I would suggest you use the "human firewall", e.g. tell them not to do it, block the most common ports (1214 tcp is Kazaa's default port afaik) or better just allow what you really need (maybe only web via proxy, whatever fits your security needs) and randomly take a look at what's going on in your network (IDS would work, too). But don't forget you have, at least here in Germany, to tell them that you 'dig around' in the network etc., and before that, your boss should give you an OK for that.

Some things should _really_ be solved in a human way instead of the technical one. Every block you add may push your users in the wrong direction: how to circumvent the blocks?

Just my 2 ct.

Sven
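
The "just allow what you really need" approach from the reply above, sketched as an added example that is not part of the original message or of the SuSE firewall script. It assumes a separate proxy host on the LAN that resolves DNS itself; the interface name, proxy address and log prefixes are constructed placeholders.

```shell
#!/bin/sh
# Added example: allow-list egress policy for the FORWARD chain of a gateway.
# All values below are assumptions, not taken from the thread.
LAN_IF="${LAN_IF:-eth1}"             # assumed internal interface
PROXY_IP="${PROXY_IP:-192.0.2.10}"   # constructed proxy address (TEST-NET-1)
IPT="${IPT:-echo iptables}"          # dry run by default; IPT=iptables applies

egress_rules() {
    # Default deny: whatever is not explicitly allowed below is dropped.
    $IPT -P FORWARD DROP
    # Replies belonging to connections that were allowed out.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Tag attempts on Kazaa's default port in the log, then drop them.
    $IPT -A FORWARD -i "$LAN_IF" -p tcp --dport 1214 \
         -m limit --limit 6/min -j LOG --log-prefix "P2P-1214: "
    $IPT -A FORWARD -i "$LAN_IF" -p tcp --dport 1214 -j DROP
    # Only the proxy may reach the outside: DNS plus web ports.
    $IPT -A FORWARD -i "$LAN_IF" -s "$PROXY_IP" -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -s "$PROXY_IP" -p tcp \
         -m multiport --dports 53,80,443 -j ACCEPT
    # Rate-limited log of everything else leaving the LAN, for later review;
    # the packet then falls through to the DROP policy.
    $IPT -A FORWARD -i "$LAN_IF" \
         -m limit --limit 6/min -j LOG --log-prefix "EGRESS-DROP: "
}

egress_rules
```

Run as is, the script only prints the commands. The two LOG rules give the "take a look at what's going on" part; tunnels through the proxy on port 443 are not visible at this layer and have to be handled at the proxy.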