Thanks for the reply Jay, i have been looking through the forums and have found that kazaa2 uses different ports than 1214. The recommendation is to use NBAR to block the traffic.

If there is anyone who can supply a config to use NBAR on a internet router to block kazaa and P2P traffic while allowing all other traffic i would appreciate it.

Thanks.

Hi Paul -

Not too sure on Kazaa2 but if you want document on setting up NBAR then please check the following (for cisco router IOS 12.2 Main Line).

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800c75d0.html

Thanks - Jay

Hi,

If it is not too much trouble, deploy a linux box with Snort IDS + a plugin for it, called SnortSam. SnortSam can do shunning for PIX and many other firewalls, so Snort will detect Kazaa2 (it has appropriate signatures for it) and will tell SnortSam to block destination IP address (you can block the source IP also but in this case the internal user won't access anything at all). SnortSam opens a telnet session to PIX and blocks the dest IP. The Snort's signature detects the download session of Kazaa only, so users can search Kazaa but as soon as they start download/upload Snort/SnortSam/PIX will block the session.

If you gonna do it bring the SnortSam config into non-threading mode, so it does not forget to unblock the dest. IP after some time.

I think it is much better this way than to deploy a router with NBAR just for this

Dmitry