Has anyone found a way of blocking the use of Kazaa on desktop Pcs. We have tried blocking the .exe file through a group policy but the users rename and execute Kazaa.exe. We have also tried unsuccessfully to block Kazaa via our PIX firewall. Does anyone have any further means by which we can block the use of this application. Any suggestions would be much appreciated.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Any way of blocking Kazaa
- Thread starter NICKYD
- Start date
I found a user here using it when I did a recent portscan.
What I did is I connected remotely to his computer, opened up a few .ini and .dll files and deleted some lines of code from them. Then I set the file permision for administrators full, and his username explicidly denied.
I figure that way, it will break it, and when he tries to reinstall it, the install program wont be able to overwrite those newly corrupted files.
What I did is I connected remotely to his computer, opened up a few .ini and .dll files and deleted some lines of code from them. Then I set the file permision for administrators full, and his username explicidly denied.
I figure that way, it will break it, and when he tries to reinstall it, the install program wont be able to overwrite those newly corrupted files.
Try blocking access to their logon servers. I'm not sure what IPs to block, but a little research could reveal that I'm sure.
Or find a string in the registry that will kill Kazaa, then put that in the logon script so every time a user logs on the registry string is deleted. (Just an idea, might not work)
Also, see if you can get a stronger security policy set. Make the punishments for internet abuse a little higher. ________________________________________
Check out
Or find a string in the registry that will kill Kazaa, then put that in the logon script so every time a user logs on the registry string is deleted. (Just an idea, might not work)
Also, see if you can get a stronger security policy set. Make the punishments for internet abuse a little higher. ________________________________________
Check out
Howdy:
Going to assume this is happening on networked office systems. If that is the case (even if it is just office systems) do what we did..
Come up with a company policy stating "Anyone caught connecting to websites NOT specifically dedicated to work-related options will be given a reprimand."
A second office will result in 5 days suspension without pay.
A third offense will result in immediate termination.
Make sure it is applied in ALL cases and without prejudice. You might have to envoke step 2, but it will only be once !!
Murray
Going to assume this is happening on networked office systems. If that is the case (even if it is just office systems) do what we did..
Come up with a company policy stating "Anyone caught connecting to websites NOT specifically dedicated to work-related options will be given a reprimand."
A second office will result in 5 days suspension without pay.
A third offense will result in immediate termination.
Make sure it is applied in ALL cases and without prejudice. You might have to envoke step 2, but it will only be once !!
Murray
Kazaa by default uses port 1214, both udp and tcp,just block the 1214tcp and they won't be able to establish a session. However, if they poke around the application they can change settings and ports, so they could have Kazaa use port 80(http). Some Firewalls can inspect the header information of the packet and drop it.Checkpoint has this feature in their smartdefence. Proxy server can also block these applications regardless of port or...this would suck if you have a large number of PC's but remove all give everyone no access to kazaa.exe, as long as they don't have the rights to change permissions on the PC, no problem.
u could do
@echo off
:loop
for /F %%a in ('net view ^| find "\\" ') do
pslist %%a | find "kazaa.exe" /I && pskill %%a kazaa.exe
goto loop
or something similar.
using pstools
===============
Security Forums
@echo off
:loop
for /F %%a in ('net view ^| find "\\" ') do
pslist %%a | find "kazaa.exe" /I && pskill %%a kazaa.exe
goto loop
or something similar.
using pstools
===============
Security Forums
Browolf has a script for everything! ![[thumbsup2]](/data/assets/smilies/thumbsup2.gif "[thumbsup2] [thumbsup2]")
________________________________________
Check out
________________________________________Check out
PcLinuxGuru
Technical User
I have been trying to block Kazaa for some time too.... I was going to find some of the dll and make them 0 bytes (empty files) then deny all permissions so he program can't be installed. But I am going to try browolf's idea because I am bored 
Visit
Visit you need the ^ for the |
did you paste it from here?
you can simplify it to start with to see what bit isnt working e.g.
for /F %%a in ('net view ^| find "\\" ') do echo %%a
===============
Security Forums
did you paste it from here?
you can simplify it to start with to see what bit isnt working e.g.
for /F %%a in ('net view ^| find "\\" ') do echo %%a
===============
Security Forums
williambishop
MIS
You may have trouble with the newer kazaa's and the like, most have gone to a random port and a user with minimum intelligence can move the directories and use links. If it is a large organization, you will end up using a packet shaper...but for smaller companies, I go with the guys, find and delete all instances, and for those who find ways around this, update your user policy for harsher consequences and then watch the traffic for a while, figure out who's doing it, and make an example of the first few employees.
PcLinuxGuru
Technical User
I got it to work. Made his script into a batch file on our PDC. When I ran it it closed the test computer's kazaa on the client. The only issue I might see with this is one scheduling the script to run every so often and the extra traffic it will cause. I only have 150 lab computers so I am not worried about the traffic yet.
The other way of totally blocking kazza is by transparent proxying with an ACL for the user agent used. In short you would block all traffic at your router and allow your proxy full access. Port 80 would get redirected to your internal proxy. If you set up the acl's right it will see that the User-Agent is not Mozilla or IE and deny it. Or you can have the proxy change the user agent before it goes out... etc
I haven't tried it myself yet but I have read about it. I think the script is much easier especially if you have a budget like I do and can't afford hardware for a proxy. (We run Linux with Squid for caching already which is free. It is only a matter of finding time to mess with it) Visit
The other way of totally blocking kazza is by transparent proxying with an ACL for the user agent used. In short you would block all traffic at your router and allow your proxy full access. Port 80 would get redirected to your internal proxy. If you set up the acl's right it will see that the User-Agent is not Mozilla or IE and deny it. Or you can have the proxy change the user agent before it goes out... etc
I haven't tried it myself yet but I have read about it. I think the script is much easier especially if you have a budget like I do and can't afford hardware for a proxy. (We run Linux with Squid for caching already which is free. It is only a matter of finding time to mess with it) Visit
PcLinuxGuru
Technical User
There is one thing I forgot to mention. There is a program called TerminatorX I have tried the trial version and it does work and teh site license according the website is reasonable in my opinion. I just don;t have the $$$$ to purchase it.
It gets installed on the client computer and runs as a service. It scans the Title bar of all the windows that are open and if it finds a match according to the list you created it closes the window. Visit
It gets installed on the client computer and runs as a service. It scans the Title bar of all the windows that are open and if it finds a match according to the list you created it closes the window. Visit
PcLinuxGuru
Technical User
In response to ITR:
The script above if you copy and pasted it will not work.
The following HAS to be on the same line:
for /F %%a in ('net view ^| find "\\" ') do pslist %%a | find "kmd" /I &&
That is how I got it to work.
Thansk,
Bill Visit
The script above if you copy and pasted it will not work.
The following HAS to be on the same line:
for /F %%a in ('net view ^| find "\\" ') do pslist %%a | find "kmd" /I &&
That is how I got it to work.
Thansk,
Bill Visit
Its software that runs at the perimeter with the firewall (has a Checkpoint module). It lets you manage most p2p software traffic including Kazaa/Kazaa Lite. And by manage I do mean block!
________________________________________
Check out
- Status
Similar threads
- Locked
- Question