><snip> > anybody has a sample how to block Kazaa download? > > KaZaA appears to listen on port 1214. So if you block that port > *inbound* to your machine, in theory no one should be able to download > FROM you. Of course, you can also just tell the program not to share > files. > > If you block *outbound* connections to 1214, your users should be not > able to download from anyone ELSE. At least, that's my limited > understanding of it, I could be completely wrong. ;) > > Shouldn't hurt to try one of these rules, depending on which way you're > trying to block: > > $IPT -A INPUT -p tcp --dport 1214 -j DROP # Avoid people downloading > from you, and/or > $IPT -A OUTPUT -p tcp --dport 1214 -j DROP # Block your users from > downloading via KaZaA > > I use the first rule above, because I was sick and tired of seeing > logged packets being dropped when I wasn't even running the client. > > The usual caveat: people are often able to get around fixed port > assignments and your blocking of same. I don't know if the main KaZaA > client can do this, but I suspect it wouldn't be too hard to hack it > (consider what's been done with KaZaA Lite). > I think the latest kazaa can use http proxies too, so you'll need to block that too (with squidGuard or something similar). > HTH, > > Jeff Bonner
-- ---------------------------------------- Ray Leach (Technical Network Specialist) Knowledge Factory www: http://www.knowledgefactory.co.za Tel: +27-11-445-8100 Direct: 445-8263 Fax: +27-11-445-8101 "No matter where you go, there you are." ----------------------------------------
