RE: [suse-security] Blocking Kazaa and other P2P communication tools.
Use a sniffer and watch which ports are being used. I cannot tell you which ports, because the corporate firewall that I manage is not SuSE's Firewall2, but I have only defined which ports to accept outbound (SMTP, HTTP(S), etc.) and Kazaa does not work here. Not very useful maybe, but talking with users to have them stop using Kazaa is, I think, more complicated.

-KEH

-----Original Message-----
From: Johannes Bretscher [mailto:bretscher@5sl.org]
Sent: Tuesday, August 19, 2003 3:11 PM
To: Josef.Fuchs@leykam.com
Cc: suse-security@suse.com
Subject: Re: [suse-security] Blocking Kazaa and other P2P communication tools.

On Tue, Aug 19, 2003 at 02:57:34PM +0200, Josef.Fuchs@leykam.com wrote:
Hi, Security List Subscribers.
Can somebody tell me if it's possible to block all Kazaa communication
at my SuSE Firewall-Box?
Talk to the users of this program. If you try to block Kazaa, eMule and similar programs technically, you will always be a step behind them.
thanks in advance
Josef Fuchs
HTH
Johannes

-- 
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
On Tue, Aug 19, 2003 at 03:17:10PM +0200, Knut Erik Hauslo wrote:
Use a sniffer and watch which ports are being used. I cannot tell you which ports, because the corporate firewall that I manage is not SuSE's Firewall2, but I have only defined which ports to accept outbound (SMTP, HTTP(S), etc.) and Kazaa does not work here.
The problem is that these programs can change ports. Even well-known ports like 80, 443, 25, etc. may be used. I don't know if Kazaa can do this, but I have seen programs speaking perfect HTTP over port 80 that are in no other way related to the WWW.
Not very useful maybe, but talking with users to have them stop using Kazaa is, I think, more complicated.
It may be the only effective way.
-KEH
Greetings,
Johannes

-- 
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
On Tuesday, 19. August 2003 15:28, bretscher@5sl.org wrote:
On Tue, Aug 19, 2003 at 03:17:10PM +0200, Knut Erik Hauslo wrote:
Use a sniffer and watch which ports are being used. I cannot tell you which ports, because the corporate firewall that I manage is not SuSE's Firewall2, but I have only defined which ports to accept outbound (SMTP, HTTP(S), etc.) and Kazaa does not work here.
The problem is that these programs can change ports. Even well-known ports like 80, 443, 25, etc. may be used. I don't know if Kazaa can do this, but I have seen programs speaking perfect HTTP over port 80 that are in no other way related to the WWW.
How about using proxies? AFAIK, proxy servers can't handle anything else than what they have been developed for. :)

Example: A firewall redirects port 80 and 443 to port 3128, where squid listens. I have never seen a P2P user breaking this barrier... :)

-- 
CU, Christoph Egger
M&L Computing GmbH
Using a proxy server should be a good solution, but also block the users from installing programs on the client. Only the client admin should do the installs.

Hälsningar/Regards
- Tommy Rönnholm
=======================================
Tel/phone: 070-6400232 Int: +46(70)6400232
Fax: 070-3889387 Int: +46(70)3889387
tommy.ronnholm@elcaro.se
http://www.elcaro.se

-----Original Message-----
From: Christoph Egger [mailto:"egger@egger"@mlcomputing.de]
Sent: Tuesday, August 19, 2003 4:29 PM
To: suse-security@suse.com
Subject: Re: [suse-security] Blocking Kazaa and other P2P communication tools.
On Tuesday, 19. August 2003 15:28, bretscher@5sl.org wrote:
On Tue, Aug 19, 2003 at 03:17:10PM +0200, Knut Erik Hauslo wrote:
Use a sniffer and watch which ports are being used. I cannot tell you which ports, because the corporate firewall that I manage is not SuSE's Firewall2, but I have only defined which ports to accept outbound (SMTP, HTTP(S), etc.) and Kazaa does not work here.
The problem is that these programs can change ports. Even well-known ports like 80, 443, 25, etc. may be used. I don't know if Kazaa can do this, but I have seen programs speaking perfect HTTP over port 80 that are in no other way related to the WWW.
How about using proxies? AFAIK, proxy servers can't handle anything else than what they have been developed for. :)
Example: A firewall redirects port 80 and 443 to port 3128, where squid listens. I have never seen a P2P user breaking this barrier... :)
-- 
CU, Christoph Egger
M&L Computing GmbH
On Tue, Aug 19, 2003 at 04:28:58PM +0200, Christoph Egger wrote:
On Tuesday, 19. August 2003 15:28, bretscher@5sl.org wrote:
On Tue, Aug 19, 2003 at 03:17:10PM +0200, Knut Erik Hauslo wrote:
The problem is that these programs can change ports. Even well-known ports like 80, 443, 25, etc. may be used. I don't know if Kazaa can do this, but I have seen programs speaking perfect HTTP over port 80 that are in no other way related to the WWW.
How about using proxies? AFAIK, proxy servers can't handle anything else than what they have been developed for. :)
Example: A firewall redirects port 80 and 443 to port 3128, where squid listens. I have never seen a P2P user breaking this barrier... :)
As I said before, I'm not sure if Kazaa is able to speak html. If not, this might work until someone uses an HTTP tunnel program.
-- 
CU, Christoph Egger
M&L Computing GmbH

Greetings,
Johannes

-- 
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
How about using proxies? AFAIK, proxy servers can't handle anything else than what they have been developed for. :)
Example: A firewall redirects port 80 and 443 to port 3128, where squid listens. I have never seen a P2P user breaking this barrier... :)
I would give proxies a try. Set it up so that the firewall lets traffic through only when it is originating from the proxy - at least for 80 and other proxied ports/services. Then configure the proxy: deny traffic to sites you do not want accessed, etc. Users will be forced to use the proxy - even if they do not want to - since the FW is not letting them out otherwise. And when they use the proxy, they will face the rules there. Right?

regards,
timo
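The setup Christoph and timo describe (default-deny egress, web traffic forced through squid, only the proxy talks to the outside) as an added iptables script. This is example code written for this thread, not anything posted by the participants or shipped with SuSEfirewall2. Assumptions, all hypothetical: the LAN is 192.168.1.0/24 on eth1, the Internet is on eth0, squid runs on the firewall host itself on port 3128, and the only host allowed to speak SMTP outbound is a mail relay at 192.168.1.25. Port 80 is redirected transparently; 443 is not, because raw TLS redirected into a plain HTTP proxy port is rejected by squid, so browsers are given the proxy explicitly and use CONNECT for HTTPS, while direct 443 from workstations is dropped like everything else. Setting IPT=echo prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny egress with a transparent
# squid proxy on the firewall. All addresses and interfaces are hypothetical
# and overridable via the environment. Set IPT=echo for a dry run.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PROXY_PORT="${PROXY_PORT:-3128}"
MAIL_RELAY="${MAIL_RELAY:-192.168.1.25}"

apply_egress_policy() {
    # Default deny for forwarded traffic: anything not explicitly allowed
    # below is logged and dropped, regardless of which port a P2P client picks.
    "$IPT" -P FORWARD DROP

    # LAN clients may reach squid on the firewall (explicit proxy for HTTPS,
    # and the target of the transparent redirect for HTTP).
    "$IPT" -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$PROXY_PORT" -j ACCEPT

    # Transparent proxy: plain HTTP from the LAN is redirected into squid, so
    # only squid ever opens port 80 on the outside. Squid's own connections
    # leave via the OUTPUT chain of this host, not via FORWARD.
    "$IPT" -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$PROXY_PORT"

    # Return traffic for connections the firewall already permitted.
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only the mail relay may speak SMTP outbound; workstations may not.
    # Other required services (e.g. DNS to an internal resolver) get their own
    # explicit ACCEPT lines here.
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$MAIL_RELAY" \
        -p tcp --dport 25 -j ACCEPT

    # Everything else from the LAN to the Internet (including direct 443,
    # which must go through the proxy's CONNECT) is rate-limited-logged and
    # dropped. The log lines are what you grep to find port-hopping clients.
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m limit --limit 5/min \
        -j LOG --log-prefix "EGRESS-DENY: "
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j DROP
}

# Apply only when explicitly asked, e.g. `sh egress.sh apply`; without the
# argument the functions are just defined (useful for `IPT=echo` dry runs).
case "${1:-}" in
    apply) apply_egress_policy ;;
esac
```

Run `IPT=echo sh egress.sh apply` first to review the generated rules; the order matters, since the ESTABLISHED rule must precede the LOG/DROP pair and the REDIRECT lives in the nat table, not in FORWARD.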
Participants (5): Christoph Egger, Johannes Bretscher, Knut Erik Hauslo, timo, Tommy Rönnholm