    Blocking KaZaA
    Help. Article by saaib on 2003-06-18 11:38:03. Source: Sheng Long Gradilla (Email)
    From: Sheng Long
    >OK, let's see if it works :P
    >Some testing will be needed. It's not a direct solution as such,
    >but these are concrete comments.
    >
    >Those sons of bitches at Kazaa keep changing things every so often to
    >get around the fixes of network administrators who want to
    >work in peace.



    =================================
    Block Kazaa ports using Cisco NBAR. NBAR is a heck of a lot better than CAR considering it blocks Kazaa 2
    traffic completely. That POS can't even default to port 80 without NBAR dropping its packets. I'm posting this
    config because NBAR is not very well known or documented. I came up with this config myself & it is a
    lifesaver. Kazaa can kiss my ass!!! Enjoy!

    Assuming you're using Cisco Routers, download the IP PLUS IOS v12.2(13)T1. Make sure you have at least 16megs of
    Flash & 64megs of RAM. Purchase your upgrades from www.crucial.com considering Cisco rips you off w/ the same
    memory.

    Upgrade the IOS & add the following lines to your config:

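    ! NBAR requires CEF to be enabled
    ip cef
    !
    ! Classify P2P traffic by NBAR application signature
    class-map match-any p2p
     match protocol fasttrack
     match protocol gnutella
     match protocol napster
     match protocol http url \.hash=*
     match protocol http url /.hash=*
     match protocol kazaa2
    !
    !
    ! Both police actions are drop, so all traffic in class p2p is discarded
    policy-map p2p
     class p2p
      police cir 8000 bc 1500 be 1500
       conform-action drop
       exceed-action drop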

    THEN, add the following to both of your incoming & outgoing Router Interfaces: (You only need to apply it to
    one but it's just personal preference)

    interface FastEthernet0/0
     ip nbar protocol-discovery
     service-policy input p2p
    !
    interface FastEthernet0/1
     ip nbar protocol-discovery
     service-policy output p2p
    !



    =================================
    Great. Hope it works out. I've actually experimented further & have modified the config accordingly:

    ip cef
    !
    class-map match-any p2p
     match protocol fasttrack
     match protocol gnutella
     match protocol napster
     match protocol http url "\.hash=*"
     match protocol http url "/.hash=*"
     match protocol kazaa2
    !
    !
    policy-map p2p
     class p2p
      police cir 8000 bc 1500 be 1500
       conform-action drop
       exceed-action drop

    THEN, add the following to both your internal or external Router Interface (I prefer internal):

    interface FastEthernet0/0
     ip nbar protocol-discovery
     service-policy input p2p
     service-policy output p2p
    !

    ========================
    Some modern firewall software has better protection for P2P and IM. CheckPoint FW-1 (NG FP3) for example, has
    built in filters for ICQ, KaZaa, gnutella, MSN and others, most of this seems to be from matching the headers -
    e.g. using the details posted above.
    ========================
    Hello Spoofed packets... see my previous post - most IDS software can now detect P2P traffic, even the HTTP
    based stuff has very obvious headers, you can then get the IDS to issue a TCP RST or whichever kill mechanism
    it uses to drop the traffic.

    Plus firewall vendors are picking up on this too, e.g. SmartDefense in CheckPoint FW-1.
    =================

    X-Kazaa-Username
    X-Kazaa-Network
    X-Kazaa-IP

    =================

    I'm trying like hell to get Kazaa to stop connecting successfully...
    Whatever I do, blocking port 1214 in ANY possible way, it still resists
    and connects successfully, even with those firewall rules

    iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
    iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
    iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
    iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
    iptables -A FORWARD -m string --string "Kazaa" -j DROP

    Chain FORWARD (policy DROP)
    target prot opt source destination
    DROP all -- anywhere anywhere STRING match = X-Kazaa-Username:
    DROP all -- anywhere anywhere STRING match = X-Kazaa-Network:
    DROP all -- anywhere anywhere STRING match = X-Kazaa-IP:
    DROP all -- anywhere anywhere STRING match = X-Kazaa-SupernodeIP
    DROP all -- anywhere anywhere STRING match = Kazaa
    LOG all -- anywhere anywhere STRING match = User LOG level warning
    DROP all -- anywhere anywhere STRING match = User
    state_chk all -- anywhere anywhere

    ============================

    I recommend REJECT --reject-with tcp-reset.
    It will tell the clients that the connection is closed. If you drop the
    packets, the clients will try to send packets on and on for some time.

    ============================

    Use a tool which is pretty new which works on
    a different IP layer. Below is a post recently sent regarding it.
    The way it works is that it matches the packets content and pushes that
    into the shaped pipe, iptables can actually do that too with the "-m
    string" patch-o-matic module. I'm just not sure what happens after the
    SYN packet, if the connection keeps going through the shaped pipe or
    not..
    Hope this helps...?

    =============================

    There is a SourceForge project that has just released
    application shaping tools for TC
    http://l7-filter.sourceforge.net/
    We are in the process of adapting their "application
    detection code" into the arbitrator..
    Their code works by matching text patterns in data
    packets. If you have any knowledge on this subject
    please share your thoughts and experiences.

    ================================


    iptables -I FORWARD -p tcp -m string --string "KazaaClient" -j REJECT --reject-with tcp-reset
    "KazaaClient" is a fairly distinct string to search for, but again
    would then catch this email. You'd have to ACCEPT tcp port 25,80,110
    then drop anything with the string, then handle the remainder of your
    rules to be safest with this approach. Apparently V1 and V2 Kazaa both
    use this string in every connection attempt.

    ==================================
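
The rule ordering described in the last post, as an added example that is not part of the original posts: a small Python model of first-match chain evaluation, comparing the string rule on its own with the version that first accepts TCP ports 25, 80 and 110. The packets are constructed samples; the `UserAgent:` line and the default `ACCEPT` policy (standing in for "the remainder of your rules") are assumptions, while the `/.hash=` URL and `X-Kazaa-Username` header come from the posts above.

```python
# Added example: first-match evaluation of a FORWARD-style chain.
# Every packet below is a constructed sample, not a capture.
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int
    payload: bytes

@dataclass(frozen=True)
class Rule:
    target: str                      # "ACCEPT" or "REJECT"
    proto: Optional[str] = None      # None matches any protocol
    dports: Tuple[int, ...] = ()     # empty tuple matches any port
    needle: Optional[bytes] = None   # payload substring, like -m string

    def matches(self, pkt: Packet) -> bool:
        if self.proto and pkt.proto != self.proto:
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        return self.needle is None or self.needle in pkt.payload

def verdict(chain, pkt, policy="ACCEPT"):
    """Target of the first matching rule; the policy stands in for later rules."""
    return next((r.target for r in chain if r.matches(pkt)), policy)

STRING_RULE = Rule("REJECT", proto="tcp", needle=b"KazaaClient")
NAIVE = [STRING_RULE]  # the posted rule on its own
# Ordering the post describes: exempt 25, 80 and 110 before the string match.
ORDERED = [Rule("ACCEPT", proto="tcp", dports=(25, 80, 110)), STRING_RULE]

P2P = b"GET /.hash=0000 HTTP/1.1\r\nUserAgent: KazaaClient\r\nX-Kazaa-Username: u\r\n\r\n"
SAMPLES = {
    "p2p_1214": Packet("tcp", 1214, P2P),
    "mail_25": Packet("tcp", 25, b"Subject: fw rules\r\n\r\nmatch on KazaaClient\r\n"),
    "p2p_80": Packet("tcp", 80, P2P),
    "web_80": Packet("tcp", 80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
}

def compare():
    """Map sample name -> (verdict under NAIVE, verdict under ORDERED)."""
    return {n: (verdict(NAIVE, p), verdict(ORDERED, p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (naive, ordered) in compare().items():
        print(f"{name:9} naive={naive:7} ordered={ordered}")
```

The `mail_25` sample is the false positive the post warns about. The `p2p_80` sample shows what the exemption costs: a payload carrying the string on an exempted port is accepted before the string rule is reached.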

