09-17-2003 04:34 PM - edited 03-09-2019 04:50 AM
Hi,
Can someone provide information on how to block access to Kazaa with access lists on an Internet router?
Thanks.
09-18-2003 02:28 AM
Hi, Try
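! Matching protocol and port needs an extended ACL (100-199); ACL 1 is a standard ACL
access-list 101 deny tcp any host 213.248.107.10 eq 1214
access-list 101 deny udp any host 213.248.107.10 eq 1214
! Without an explicit permit, the implicit deny at the end drops all other traffic
access-list 101 permit ip any any
Then place the access list on the inside interface:
ip access-group 101 in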
Hope this helps - Jay
09-18-2003 03:13 AM
Thanks for the reply, Jay. I have been looking through the forums and have found that Kazaa2 uses different ports than 1214. The recommendation is to use NBAR to block the traffic.
If there is anyone who can supply a config to use NBAR on an Internet router to block Kazaa and P2P traffic while allowing all other traffic, I would appreciate it.
Thanks.
09-18-2003 03:47 AM
Hi Paul -
Not too sure on Kazaa2, but if you want a document on setting up NBAR then please check the following (for Cisco router IOS 12.2 Main Line).
Thanks - Jay
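A sketch of the NBAR approach discussed above, added here as an example and not posted by anyone in the thread: NBAR classifies and marks the P2P traffic on the inside interface, and an ACL drops the marked packets on the way out while permitting everything else. The interface names, class/policy names, ACL number 105 and DSCP value 1 are assumptions, and which `match protocol` keywords are available depends on the IOS release and loaded PDLMs.

```cisco
! Added example. Names, interfaces, ACL number and DSCP value are assumptions.
! NBAR requires CEF to be enabled.
ip cef
!
! Classify P2P by application signature instead of by port number
class-map match-any p2p
 match protocol fasttrack
 match protocol kazaa2
 match protocol gnutella
!
! Mark matching packets with a DSCP value not otherwise used on this network
policy-map mark-p2p
 class p2p
  set ip dscp 1
!
! Inside (LAN-facing) interface: classify and mark on ingress
interface FastEthernet0/0
 service-policy input mark-p2p
!
! Drop anything carrying the mark, permit all other traffic
access-list 105 deny ip any any dscp 1
access-list 105 permit ip any any
!
! Outside (Internet-facing) interface: apply the ACL on egress
interface Serial0/0
 ip access-group 105 out
```

After applying it, `show policy-map interface FastEthernet0/0` and `show access-lists 105` show whether the class and the deny entry are matching traffic.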
09-20-2003 01:45 AM
Hi,
If it is not too much trouble, deploy a Linux box with Snort IDS plus a plugin for it called SnortSam. SnortSam can do shunning for PIX and many other firewalls, so Snort will detect Kazaa2 (it has appropriate signatures for it) and will tell SnortSam to block the destination IP address (you can block the source IP also, but in this case the internal user won't access anything at all). SnortSam opens a telnet session to the PIX and blocks the dest IP. The Snort signature detects the download session of Kazaa only, so users can search Kazaa, but as soon as they start a download/upload, Snort/SnortSam/PIX will block the session.
If you are going to do it, bring the SnortSam config into non-threading mode, so it does not forget to unblock the dest. IP after some time.
I think it is much better this way than to deploy a router with NBAR just for this.
Dmitry