Home page logo
/

basics logo Security Basics mailing list archives

Re: Filtering new KaZaa!!!
From: Bruno Lustosa <bruno () lustosa net>
Date: Thu, 31 Oct 2002 16:05:48 -0300

Soporte [soporte () opticalip com pe] wrote:
I am trying to block KaZaa using access lists, I read many
tips like blocking port 1214, block the Morpheus network, but
with the latest version of KaZaa it seems that not work, why?
Let me explain...
I have Kazaa Media Desktop 2.0 (Built: Friday, September 20,
2002 16:14:03), a Network Protocol Analyzer (Ethereal Version
0.9.7) and a Cisco Catalyst 6509 (IOS MSFC2 Software C6MSFC2-
IS-M Version 12.1 E4)
(...)

Don't know if it's applicable in your network, but isn't it easier and
way more secure to block everything, and then allow "legitimate" traffic
(like http, ftp, etc) ?
I've had an experience similar to this in the past, and the moment I
bloced Morpheus, people moved to edonkey. When I blocked edonkey, people
moved to iMesh. It would go like forever, because people are always
making new p2p networks.
So, just block everything and allow the valid traffic, and you'll have
blocked every existing p2p software and future ones also (well, one
might use an http gateway, but then a proxy would help you).
It's always good security practice whitelisting instead of blacklisting.
Just isn't applicable in every network setup (ISPs, for example).

-- 
Bruno Lustosa, aka Lofofora          | Email: bruno () lustosa net
Network Administrator/Web Programmer | ICQ UIN: 1406477
Rio de Janeiro - Brazil              |

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault