On Tue, 19 Nov 2002, Fadel wrote: > I got a trouble in my network while trying to block Kazaa. > I tried to drop port 1214 with this rule: > > iptables -A FORWARD --dport 1214 -j DROP > > but this doesn't work.
Right, that's not enough :( > so I did sniffing to see what kind of packets and > ports kazaa uses and I saw that it searches for servers in different ports. > later, I read in various texts around the net, but all recommend to block > port 1214 and kazaa site. this probably worked in version 1. > > how could I block kazaa, since I need accept connections in high ports? Hey, it's a hack. But it's mine :=) (not knowing better :( ) Daemonized ngrep: ngrep -l -q -t -d eth0 -i 'kazaa' >> <some log file> and added a cron job that parses the log file looking for UDP packets that include the string kazaa (caseless) in the first 16 bytes. Rip the ip-address and: route add -host <host-ip> reject or ip route add blackhole <host-ip>/32 in a few words (the script is longer). You could look for the strings 'kazaa' and 'super.*server' on TCP packets, to catch a few more. Cheers, Cristian
