blocking kazaa

Taking care of your Linux box.

Postby nganga08 » Tue Feb 17, 2004 5:01 am

yes sir. Its blocked all the network traffic including all the P2P but by the use of squid you can browse the internet, because thats my setup here in my network. Sorry sir if it is not helpull for your setup.
nganga08
Cadet
 
Posts: 3
Joined: Mon Jan 26, 2004 8:48 am

iptables match module for matching P2P apps

Postby imranhussain » Wed Feb 18, 2004 9:58 am

AOA all

Plz ckeckit out!
It is an iptables match module capable of matching various peer-to-peer networks by examining the application-layer protocol.

found here
http://sourceforge.net/projects/iptables-p2p

I've not tried, plz tell me the results
Geek
imranhussain
Lance Naik
 
Posts: 15
Joined: Wed Jun 04, 2003 12:26 pm
ICQ: 173082297
WLM: imranhussain90@hotmail.com
Yahoo Messenger: click2subscribe@yahoo.com
Location: Karachi

blocking kazaa

Postby sarbazix » Fri Feb 20, 2004 5:14 am

salam ever1,
i also tried to block kazaa wid iptables and blocked port 1214 but it's no use coz kazaa is using my http port 8080/3128 i searched all da internet and all i got is a firewall from http://www.lowth.com/p2pwall/ftwall/
but i m hvng a problem compiling ftwall check this out if u cud compile it den let us know ..
sarbazix
Lance Naik
 
Posts: 15
Joined: Fri Feb 20, 2004 4:56 am
WLM: tabaloch@hotmail.com
Yahoo Messenger: tabaloch@yahoo.com
Location: Karachi

Re:

Postby LinuxFreaK » Sat Feb 21, 2004 12:18 am

Dear sarbazix,
Salam,

Blocking KaZaA with IPTables:

iptables -A FORWARD -d 213.248.112.0/24 -j REJECT

--OR--

iptables -A FORWARD --dport 1214 -j REJECT
This rule will not block access to the KaZaA network, but instead will block filetransfers from occuring across KaZaA or Morpheus, as the software has a static port. This is pretty much just as effective, and can actually be more effective as the user won't believe that you have firewalled, but they are just having problems connecting to other users


if KaZaA use your http proxy server then enter the following line to your squid.conf file.

acl blocked_site kazaa.com
http_access deny blocked_site

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Re:

Postby sarbazix » Sat Feb 21, 2004 5:05 pm

LinuxFreaK wrote:Dear sarbazix,
Salam,

Blocking KaZaA with IPTables:

iptables -A FORWARD -d 213.248.112.0/24 -j REJECT

--OR--

iptables -A FORWARD --dport 1214 -j REJECT
This rule will not block access to the KaZaA network, but instead will block filetransfers from occuring across KaZaA or Morpheus, as the software has a static port. This is pretty much just as effective, and can actually be more effective as the user won't believe that you have firewalled, but they are just having problems connecting to other users


if KaZaA use your http proxy server then enter the following line to your squid.conf file.

acl blocked_site kazaa.com
http_access deny blocked_site

Best Regards.

salam ever1
farrukh bhai i also tried this 1 and block both desktop.kazaa.com and kazaa.com from acl it works but den also kazaa connects it seem kazaa is unblockable widout any script and i hv previously posted da link where the script is available but i m having some problem to compile it..
sarbazix
Lance Naik
 
Posts: 15
Joined: Fri Feb 20, 2004 4:56 am
WLM: tabaloch@hotmail.com
Yahoo Messenger: tabaloch@yahoo.com
Location: Karachi

Re:

Postby LinuxFreaK » Sat Feb 21, 2004 6:08 pm

Dear sarbazix,
Salam,

# iptables -A FORWARD -m recent --name kazaa --rcheck --seconds 60 -j DROP
# iptables -A FORWARD -i eth0 -p tcp -m string --string 'X-Kazaa' -m recent --name kazaa --set -j DROP


Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Re:

Postby sarbazix » Sun Feb 22, 2004 7:01 pm

LinuxFreaK wrote:Dear sarbazix,
Salam,

# iptables -A FORWARD -m recent --name kazaa --rcheck --seconds 60 -j DROP
# iptables -A FORWARD -i eth0 -p tcp -m string --string 'X-Kazaa' -m recent --name kazaa --set -j DROP


Best Regards.

salam again
i am having error while entring dz rules
iptables -A FORWARD -m recent --name kazaa --rcheck --seconds 60 -j DROP
iptables -A FORWARD -i eth0 -p tcp -m string --string 'X-Kazaa' -m recent --name kazaa --set -j DROP

iptables v1.2.6a: Couldn't load match `recent':/lib/iptables/libipt_recent.so: cannot open shared object file: No such file
or directory
sarbazix
Lance Naik
 
Posts: 15
Joined: Fri Feb 20, 2004 4:56 am
WLM: tabaloch@hotmail.com
Yahoo Messenger: tabaloch@yahoo.com
Location: Karachi

Re:

Postby LinuxFreaK » Sun Feb 22, 2004 9:09 pm

Dear sarbazix,
Salam,

your system does not have libipt_recent.so so please download newer rpm of iptables from http://www.rpmfind.net and install it with rpm command :)

# rpm -Uvh iptables-x.y.z.rpm

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Re:

Postby sarbazix » Tue Feb 24, 2004 5:42 pm

LinuxFreaK wrote:Dear sarbazix,
Salam,

your system does not have libipt_recent.so so please download newer rpm of iptables from http://www.rpmfind.net and install it with rpm command :)

# rpm -Uvh iptables-x.y.z.rpm

Best Regards.

salam,
Farrukh bhai i hav iptables v1.2.6a and downloaded iptables-1.2.7a-2.src.rpm and installed it with # rpm -Uvh iptables-1.2.7a-2.src.rpm and restarted iptables service but when i check iptable it show da previos version iptables v1.2.6a and i m getting da same old error while implementing da code's which u previously posted.

iptables -A FORWARD -m recent --name kazaa --rcheck --seconds 60 -j DROP
iptables -A FORWARD -i eth0 -p tcp -m string --string 'X-Kazaa' -m recent --name kazaa --set -j DROP

iptables v1.2.6a: Couldn't load match `recent':/lib/iptables/libipt_recent.so: cannot open shared object file: No such file
or directory

do u have any idea wht m i missing over here???
sarbazix
Lance Naik
 
Posts: 15
Joined: Fri Feb 20, 2004 4:56 am
WLM: tabaloch@hotmail.com
Yahoo Messenger: tabaloch@yahoo.com
Location: Karachi

Re:

Postby LinuxFreaK » Thu Feb 26, 2004 10:30 pm

Dear sarbazix,
Salam,

You have installed Source of iptables and you must compile the source if you don't want to do that then you can get the binary pakage of iptables from ftp://rpmfind.net/linux/redhat/updates/ ... 2.i386.rpm

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Postby lambda » Sun Feb 29, 2004 3:36 pm

don't block kazaa. instead, use the packet shaping code (cbq, etc) to limit kazaa traffic to something useless, like 1kb/sec.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby farhantoqeer » Tue Mar 16, 2004 2:03 pm

don't block kazaa. instead, use the packet shaping code (cbq, etc) to limit kazaa traffic to something useless, like 1kb/sec.


this is indeed a great suggestion.

any example?
A: Yes
Q: Is top-posting bad?
farhantoqeer
Major General
 
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Website: http://www.emergen.biz
Location: Karachi

Postby lambda » Wed Mar 17, 2004 2:21 am

here are a couple of links:

http://www.roads.lut.ac.uk/txt/proactive-iptables.html
http://www.linuxquestions.org/questions/archive/3/2003/08/1/78804

it's late, i'm feeling lazy, i just googled for this.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby farhantoqeer » Wed Mar 17, 2004 9:34 am

yes it is late :)

i was reading about this yesterday, i am not gonna implement it becuase i dont have any problem like that but i am sure it might help others who are pinching by KAZAA
A: Yes

Q: Is top-posting bad?
farhantoqeer
Major General
 
Posts: 917
Joined: Thu Jun 27, 2002 5:45 pm
Website: http://www.emergen.biz
Location: Karachi

Postby dandywalisarkar » Fri May 21, 2004 11:10 pm

for blocking kazaa the most appripriate way is to use pathomatic to update your iptables and use the new iptables module which blocks any connection containing zzzz@kazza in http header
------------------------------------------------
If windows were to be an animal, it would have been a fainting goat.............
dandywalisarkar
Cadet
 
Posts: 13
Joined: Fri May 21, 2004 3:56 pm
ICQ: 27053855
Website: http://www.iqranet.info
WLM: hilalafridi@hotmail.com
Yahoo Messenger: hilalafridi@yahoo.com
AOL: haafridi
Location: Mardan


Return to “%s” Administration

Who is online

Users browsing this forum: Google [Bot] and 2 guests

cron