[nsp] Blocking KAZAA and Co. on PIX

Sam Stickland sam_ml at spacething.org
Wed Jul 14 06:53:00 EDT 2004


On Tue, 13 Jul 2004, Mike Lewinski wrote:

> Voll, Scott wrote:
> 
> > My understanding about applications like Kazaa is that it jumps around
> > on different ports if it gets blocked.
> 
> Yep, including a preference for 80/tcp if needed.
> 
> > We ended up using a Packeteer Packet Shaper to decrease the bandwidth so
> > low that Kazaa can work, but so slow that the user gets frustrated and
> > quits.
> 
> Prediction: now that L7 analysis tools like the Packet Shaper are widely 
> deployed, the P2P networks will implement SSL and start running over 
> 443/tcp.
> 
> As I see it, when that happens the last possible recourse is to create 
> per-user quotas.... Or treat it as a social problem and deal with it 
> accordingly.

There are a few other techniques for completely locking out the P2P
software.

One of the tricks that the Linux-based P2Pwall employs is to send spoofed
packets to machines suspected of running Kazaa etc., purporting to be from
other clients. If the machine responds, then its net access is locked out
until such time that it thinks Kazaa is no longer running.

Sam



More information about the cisco-nsp mailing list