How to block Kazaa

[alejo20]

Hello everybody ,
i am in a school environment and of course all the kids want to download mp3's and stuff like that. my question is what port(s) does this program use or if there is a different way of blocking it. is there a way to block all programs alike?

any help in this matter will be greatly appreciated. Thank you all in advance.

 

[PatBo]

Hi,
I am in a similar environment and have set our Student Policy as follows:
PROTECTED FILES
.mp3 - No access and Hide
.asx - No access and Hide
.wvx - No access and Hide
.wma - No access and Hide
.mpga - No access and Hide
.ram - No access and Hide
.wav - Read only and Hide

Since these changes we have had nothing more downloaded -Maybe of help?

Patrick Boland




Slán agus beannacht.

 

[alejo20]

Thank You PatBo, but other than what you have said, does kazaa use any specific port that can be blocked instead?

 

[PatBo]

Sorry, I am still awaiting replies to similar requests, but sometimes the temporary/workaround fix becomes permanent.

CYA
Slán agus beannacht.
Patrick Boland

 

[achilleus]

KaZaA is usually communicating through port 1214/TCP. AJ
SA
HS

 

[alejo20]

by blocking that port all the activity should stop? are there any other known ports? or is this the only one?

 

[rsptt]

Hi -

You might want to checkout Akonix at

http://www.akonix.com.

They have a perimeter device that effectively blocks all popular P2P, as well as gives you true management of public Instant messaging.

They were recently favorably reviewed in eWeek

 

[ryhackl]

PatBo...

I'm assuming you've done that in Windows 2000 Server? If so, is it a group policy?

And more generally - has anyone succeeded in a solution using a proxy server (such as Squid, perhaps)?

- Ryan

 

[lonsdaley]

Not sure whether it's possible with squid, but if you don't have anything like Websense (or a similar product) I'd put a re-direct for the url to, e.g. the intranet.

 

[VQIS]

I'm a Network/Computer Consultant and I volunteer my time at a non-profit community Computer & Technology Access Center. Many of the lab users are teenagers or younger. They wanted to be able to block certain files from being downloaded and since I was installing squidnt to block porn sites I also used it to block specific files. (Keep in mind, there are always ways around...for example, a blocked *.mp3 could be zipped or the extension changed to something that was not blocked (they did not want to block *.zip files). But who knows...maybe they won't figure that out...yeah right, who am I kinding!) Here's the squid.conf config lines:

acl badFiles url_regex -i \.exe$ \.msi$
http_access deny badFiles

This blocks all *.exe and *.msi (MS Setup Files) files.

Hope this helps...

 

[PatBo]

ryhackl:
We have a 3rd party system called 'Viglen Classlink' in front of NT4. Changes for students were set in 'poledit' as a group.
Up to now we could only filter internally by domain name/address. We have now installed a 'Debian/Proxy server running 'squidguard' which has greatly improved our flexiblity as far as filtering is concerned. I access it through a VNC Viewer or at the server.
Will probably never get it 100% but looking good at present.

Slán agus beannacht.
Patrick Boland

 

[almahtar]

First off, you could always figure out what ports kazaa is using with a packet sniffer. Set up a little experiment yourself: hook up a computer and make sure it isn't running any other network client-type software, set up a packet sniffer on that machine or on an adjacent machine, then run kazaa and watch the traffic on the sniffer.

If there are any ports that seem to be used very often, you're set.

Also, when kazaa first connects it has to find a host to connect to, right? Eventually it will navigate out into the middle of the great p2p abyss, but at first there must be a central place it looks to to find a connection to the kazaa network. When you tell kazaa to connect on your portsniffer experiment, check if it first connects with some place like hosts.kazaa.com or whatnot.

If that's the case you can just deny that host/hosts.

...so there are two suggestions. Good old packet sniffers!

 

[jad]

i thought kazaa didn't use http ...

if you are using squid and you want to block file extensions:

acl bannedext urlpath_regex -i \.mp3$ \.asx$ \.wvx$ \.wma$ \.mpga$ \.ram$ \.wav$

http_access deny bannedext

 

[jad]

ohh ... and with squid to block ports :

acl Kazaa port 1214
http_access deny Kazaa

 

[almahtar]

Kazaa doesn't use http, unfortunately. It'd be a lot easier that way. If I was you, I wouldn't block all mp3 wav, etc files. There's a lot of actual valuable information out there that just may be stored in that format. I know a lot of speeches I needed to critique in highschool could be found online in mp3 format, and a lot of tutorials, also.
Besides, there are some music classes that could really use an example of, say, how a professional performs a particular musical or sonata.

Block Kazaa? Yes. Block mp3s? Your call, but think twice.

 

[lbreimyer]

I block Kazaa in my school environment with Pedestal Software SecurityExpressions. So far, I have been pleased with the results. As long as you have a system security policy that restricts 3rd party application installation, you will easily be able to control your students's activities. Also, you can update the policy centrally and it will automatically populate to the desktops (it's agentless).