Sensor signatures may include instructions to block sources of a particular attack, whenever that attack is detected. It is also possible to have a trusted network device whose normal, expected behavior appears to be that attack. Sensor signatures can be set to ignore a particular perceived attack when its source is a trusted network device.
In the Cisco Intrusion Detection System (IDS), these are the two signatures related to Kazaa:
11000: Kazaa version 2 User Datagram Protocol (UDP) client probe:
Kazaa is a common Peer-to-Peer (P2P) file sharing application distributed by Sharman Networks. Kazaa clients maintain a loosely meshed, decentralized network of systems sharing files. Certain nodes with sufficient bandwidth and resources serve as supernodes on the network providing a distributed search function.
Kazaa clients send UDP packets to various systems searching for another Kazaa peer. This signature fires when the keyword "Kazaa" is seen in a UDP packet destined for UDP port 1214 (SubSig 0), 1531 (SubSig 1), or from port 3861 (SubSig 2).
11005: Kazaa GET request
The signature fires when a client request to the default Kazaa server port (Transmission Control Protocol (TCP) 1214) is detected.
If you want to use a firewall, you can try to block UDP ports 1214, 1531 and 3861, and TCP port 1214.
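The matching rules described above for signatures 11000 and 11005, together with the trusted-source exclusion, can be sketched as follows. This is an added example, not Cisco's signature engine or code from the original post. The `Packet` record, the function names, the case-insensitive keyword match, and treating a "client request" as a payload that starts with `GET ` are assumptions, and the sample traffic is constructed.

```python
from dataclasses import dataclass

# Port-to-SubSig mapping for signature 11000, as described in the post.
UDP_DST_SUBSIG = {1214: 0, 1531: 1}
UDP_SRC_SUBSIG = {3861: 2}
KEYWORD = b"kazaa"  # assumption: keyword is matched case-insensitively

@dataclass
class Packet:  # hypothetical record for one observed packet
    proto: str      # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_port: int
    payload: bytes

def match_signature(pkt):
    """Return (sig_id, subsig) if the packet matches, else None."""
    if pkt.proto == "udp" and KEYWORD in pkt.payload.lower():
        if pkt.dst_port in UDP_DST_SUBSIG:
            return (11000, UDP_DST_SUBSIG[pkt.dst_port])
        if pkt.src_port in UDP_SRC_SUBSIG:
            return (11000, UDP_SRC_SUBSIG[pkt.src_port])
    # Assumption: a "client request" is modeled as a payload starting with GET.
    if pkt.proto == "tcp" and pkt.dst_port == 1214 and pkt.payload.startswith(b"GET "):
        return (11005, 0)
    return None

def evaluate(packets, trusted_sources):
    """Return alerts as (src_ip, sig_id, subsig), ignoring trusted devices."""
    alerts = []
    for pkt in packets:
        hit = match_signature(pkt)
        if hit is None or pkt.src_ip in trusted_sources:
            continue
        alerts.append((pkt.src_ip, *hit))
    return alerts

# Constructed sample traffic using documentation addresses, not a real capture.
SAMPLE = [
    Packet("udp", "192.0.2.10", 40000, 1214, b"\x27\x00\x00KaZaA\x00"),
    Packet("udp", "192.0.2.11", 40001, 1531, b"..KaZaA.."),
    Packet("udp", "192.0.2.12", 3861, 40002, b"KaZaA reply"),
    Packet("udp", "192.0.2.13", 40003, 1214, b"unrelated data"),
    Packet("tcp", "192.0.2.14", 40004, 1214, b"GET /file HTTP/1.1\r\n"),
    Packet("tcp", "192.0.2.14", 40005, 80, b"GET / HTTP/1.1\r\n"),
    Packet("udp", "198.51.100.5", 40006, 1214, b"KaZaA"),  # trusted device
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE, trusted_sources={"198.51.100.5"}):
        print(alert)
```

The last sample packet matches signature 11000 but produces no alert, because its source is listed as a trusted device.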