RE: Kazza and ISA server

["Maher Odeh" <rax () netvision net il>]

Taken from: 
http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/21/pid/802/qid/46481
4



First, I am not familiar with ISA server (mostly checkpoint) but, maybe
blocking access based on headers is a better way.
it is possible to make kazaa work with port 80 rather than 1214. So they
will pass.
But you may block certain headers like:
"GET /.hash*"
"UserAgent: KazaaClient"
"X-Kazaa*" (a few headers start with this)

And according to Microsoft, you can do this with URLScan Web Filter for
ISA:
http://download.microsoft.com/download/4/c/b/4cbe9a1f-8d97-4c71-b6b3-d96
7924981db/urlscan_readme.htm

I had no chance to try this at ISA server but I hope it works for you.

greetz,

Rule0

-----Original Message-----
From: Alaa Shaheen [mailto:Ashaheen () aedegypt org] 
Sent: Friday, August 22, 2003 5:43 PM
To: security-basics () securityfocus com
Subject: Kazza and ISA server

Hi All

I am having a little problem of controlling the traffic passing through
my ISA server, specially the P2P file sharing programs such as Kazza and
Imesh

Did anyone knows how to block Kazza traffic using the ISA server ?

Thanks in advance for your help

Alaa Shaheen

------------------------------------------------------------------------
---
------------------------------------------------------------------------
----

 


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------