Blocking Kazaa 2.0?
coder_ asks: "Has anyone had success blocking the latest versions of this annoying P2P application in a network-wide context? Previously, people have been told to block a specific port, etc, yet as expected, Kazaa has found an easy solution to this. Apparently, when a connection via default port is not available, Kazaa makes encrypted http requests through port 80, making it rather difficult to now block. If anyone has had success in doing so, I would love to hear from you."
What's it connecting to? (Score:5, Insightful)
Re:What's it connecting to? (Score:2, Informative)
Re:What's it connecting to? (Score:1)
Re:What's it connecting to? (Score:2)
Depends on the situation (Score:5, Insightful)
Um...No. (Score:2, Interesting)
write a decent AUP, periodically scan for mp3s and *bitchslap* anyone who breaks them.
Fear, uncertainty and doubt will cut its usage.
Re:Depends on the situation (Score:2)
ideas... (Score:1, Flamebait)
If you are in a corporate or educational environment (and internet bandwidth is supposed to be a productive asset) - there are no precise technical solutions that you can use given the variety of transport options and changing protocols. A few options:
(1) Train your users not to use disallowed software, pointing out bandwidth problems. Then threaten, make the consequences clear (see if it improves). Then take action if bandwidth usage is still bad and start temporarily suspending accounts a day at a time - although double-check they aren't using bandwidth for legitimate purposes first.
(2) Throttle bandwidth based on average usage over the past hour or so with walking averages. I'm sure this would be easy to set up with a software firewall. After a long leeching session, see how they enjoy the internet at 1 kbit/s.
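The walking-average throttle proposed in point (2), as an added example that is not part of the original post or any product. It assumes a feed of flow-accounting records reduced to (timestamp_seconds, host, bytes), e.g. from NetFlow summaries or proxy logs; the quota and the two rate classes are illustrative values.

```python
"""Walking-average bandwidth accounting for a per-host throttling policy."""
from collections import defaultdict, deque

WINDOW_SECONDS = 3600             # "the past hour or so"
LIMIT_BYTES = 50 * 1024 * 1024    # hypothetical per-host quota for the window
NORMAL_KBIT = 1024                # rate class while under quota
THROTTLED_KBIT = 1                # the "1 kbit/s" the post suggests


class UsageTracker:
    """Keeps a walking sum of bytes per host over the last WINDOW_SECONDS.

    Records for a given host must arrive in non-decreasing timestamp order,
    as they would from a log or accounting export.
    """

    def __init__(self, window=WINDOW_SECONDS, limit=LIMIT_BYTES):
        self.window = window
        self.limit = limit
        self._events = defaultdict(deque)   # host -> deque of (ts, bytes)
        self._totals = defaultdict(int)     # host -> bytes inside the window

    def _expire(self, host, now):
        """Drop events that have slid out of the window ending at 'now'."""
        q = self._events[host]
        while q and now - q[0][0] >= self.window:
            _, old = q.popleft()
            self._totals[host] -= old

    def record(self, ts, host, nbytes):
        self._events[host].append((ts, nbytes))
        self._totals[host] += nbytes
        self._expire(host, ts)

    def usage(self, host, now):
        """Bytes this host moved in the window ending at 'now'."""
        self._expire(host, now)
        return self._totals[host]

    def rate_for(self, host, now):
        """Rate class (kbit/s) the shaper should apply to this host right now."""
        return THROTTLED_KBIT if self.usage(host, now) > self.limit else NORMAL_KBIT


def shaping_table(records, now):
    """Replay accounting records and return {host: kbit/s} valid at time 'now'."""
    tracker = UsageTracker()
    for ts, host, nbytes in sorted(records):
        tracker.record(ts, host, nbytes)
    return {host: tracker.rate_for(host, now) for host in tracker._events}


# Constructed sample records: one host pulls 60 MiB in the first ten minutes,
# another browses lightly through the hour.
MIB = 1024 * 1024
SAMPLE_RECORDS = [
    (0,    "10.0.0.5", 20 * MIB),
    (300,  "10.0.0.5", 20 * MIB),
    (600,  "10.0.0.5", 20 * MIB),
    (120,  "10.0.0.7", 2 * MIB),
    (1800, "10.0.0.7", 3 * MIB),
]

if __name__ == "__main__":
    for when in (900, 3900, 5000):
        print(when, shaping_table(SAMPLE_RECORDS, when))
```

The heavy host is clamped to 1 kbit/s at t=900 and recovers once its early transfers slide out of the hour-long window.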
Re:ideas... (Score:2)
Re:ideas... (Score:3, Insightful)
Re:ideas... (Score:2)
Re:ideas... (Score:2)
Re:ideas... (Score:2)
There are 2 obvious solutions to the problem.
Their business is valuable, but is it valuable enough to justify the legal liability?
I don't really care what they download--that's their business. It's when they start (re)distributing copyrighted material from an IP that we're legally responsible for. The customer is paying for bandwidth and I, personally, think they deserve the right to do whatever they want with it, as long as they're not infringing on the rights of others. If we don't stop the customer, we're just an accessory to the crime.
No, I don't work for or even like the RIAA. Neither do I own any audio CDs nor do I have any MP3s. I don't sympathize with them at all. They've screwed up their own business and that of their employees (the artists).
Re:ideas... (Score:2)
Re:ideas... (Score:2)
Packeteer (Score:5, Informative)
More information needed (Score:4, Informative)
That said, there are *plenty* of approaches to the problem of killing KaZaA (and KaZaA Lite), but they rather depend on the network infrastructure. You certainly need to filter the standard ports used by the program, and forcing all port 80 traffic through a filtering proxy server may be of use. Also, P2P in general seems to need a fair amount of UDP traffic - depending on your setup it might be possible to restrict that to just those ports you require.
Why not just use Web proxies (Score:5, Insightful)
If you've got every box in the company NATd then you are being hoisted by your own petard really.
Giving Lusers software installation rights on terminals may save you some annoying "but I need MSN" bullshit but when they cram Bonzi Buddy and whatever other crap they can find in there you are risking your network and pushing your support costs up.
I'd rather be seen as some sort of network nazi than have to try and use ssh into a remote site at 1 second per character. I found who was running Napster and since that day I'm the annoying guy that curtails people's "rights" and "freedoms".
If you want a compromise let one machine be a p2p client. You can get Gnutella clients with a web front end so anyone on the LAN can submit queries on the same box and then throttle that box's bandwidth during working hours & let it roam free when the bandwidth is underutilized.
If people kick up a fuss, sack them.
Re:Why not just use Web proxies (Score:1)
Please, get a clue.
The Internet is going to evolve into much more than mere websurfing. And I personally see IM as a very good way to communicate. It is a lot less invading than a telephone call, and a lot quicker than an e-mail.
IM can use proxies (Score:3, Insightful)
web services are being built on HTTP *because* of proxies.
Re:Why not just use Web proxies (Score:1)
Re:Why not just use Web proxies (Score:2)
While I tend to agree with you in general (if you're at work, use the network for work), the fact is P2P should not be choking anything if your network admin knows what he's doing. By using QoS and traffic shaping, any service not specifically reserved bandwidth should not be able to crowd out necessary services.
Re:Why not just use Web proxies (Score:3, Interesting)
Specifically enabling a P2P app to traverse your network sounds like an invitation to the BSA for a visit or an opportunity for RIAA lawyers to earn their pay.
There is no place for Kazaa or eDonkey on a commercial network.
Re:Why not just use Web proxies (Score:2)
there are plenty of legitimate uses for kazaa...
also, the previous poster was not suggesting specifically enabling any p2p apps, just setting up QoS so the important apps have priority, and anything else can fight for the rest of the bandwidth
sounds like a good way to keep the important stuff going, and the non important stuff out of your hair
Re:Why not just use Web proxies (Score:2)
Also, I would be concerned that a P2P app like Kazaa would "hijack" important ports.
Re:Why not just use Web proxies (Score:3, Insightful)
Yeah, web pages often paid for by the author. Web pages where the author has to pay bandwidth fees. Web pages whose bandwidth may be saturated to the max. Sure, there are organizations which are willing to host software for free (like SourceForge), but for various reasons some authors may not want (or be able) to host their site at such places. Not to mention, I'm sure VA pays a lot of money for bandwidth and administration of SourceForge--as do other sites.
P2P systems allow the users to help share the costs of bandwidth, and if the scumbags hadn't sued every maker of communications software called "P2P" or "file sharing", we'd probably have a P2P CVS type system too, among other things. And the reason "nobody is using Kazaa for legitimate purposes" is because the RIAA basically said it was okay for "the fans" to "trade" music--they just demonized the people who made any sort of file sharing software. Though I doubt every user of Kazaa is using it for illegitimate purposes. I'm sure you'd say the same thing about Napster, but I know the band Betty's Trash was using it to publish their music [aol.com]. Unless you think it should be illegal for an independent band to publish their music.
I assume you mean it would use up all the bandwidth and use ports in such a way as to not allow blocking it. Yeah, that's a problem. People shouldn't use up bandwidth they're not entitled to.
Re:Why not just use Web proxies (Score:1, Troll)
Let's see a quote where RIAA said that music sharing was legal. I suppose the arrest of those cadets at the US Naval Academy for sharing music was a sign of music publishers "approval" of file sharing.
Unless you are completely delusional, there is no way that you can assert any significant percentage of Kazaa traffic is used to distribute material other than pirated music, porn, and software.
Your examples of garage bands that have used P2P as a free distributional are heart warming -- but they are exception rather than the rule.
P2P and how the RIAA screwed up. (Score:2)
You are a stupid troll. I didn't say they said "music sharing" was legal, I said they basically said it was okay for the "fans" to do it. I can't find the specific article, but this one [com.com] talks around it. In the article, their lawyer says: "But I don't think Metallica is going to sue fans, period, unless there's been wholesale infringement."
In the article I was looking for, someone from the RIAA said they didn't want to prosecute any "fans", but go after universities (for merely providing internet access!) and Napster. It's apparently much older, because it was before Metallica even sent names to Napster. (and just getting people banned from one service doesn't do much to stop the illegal activity.)
If they really wanted the blatant copyright infringement to stop, they could've sent letters threatening to sue. It worked for Verison when they did it to webmasters of Star Trek fan web sites. The RIAA's inaction against the people actually doing the crime has led to such myths that it is "fair use" to copy entire CDs and movies over the internet without permission as long as one doesn't profit. Plus many of the people who know it's illegal don't care because they think no one will try to punish them.
The backhanded methods of DMCA complaints, suing service providers, distributing trojaned CDs, flooding the networks with crap, etc. have just made the problems worse. Many people don't respect them or their copyrights anymore. If they would have acted reasonably and appropriately, some people would have probably even helped by reporting infringers. Even if they started suing and prosecuting those who are actually doing the infringing, they won't do much good, and they'll have an uphill battle.
Most of those service providers they sued or tried to sue didn't even do anything wrong. Just think if this mess happened ten or twenty years ago. We wouldn't have HTTP, FTP, email, or any other networking protocols, (or probably even hard drives / CD burners) because they may potentially be used to infringe copyrights.
They were arrested? Where was that story? The one I read said they were kicked out of school, and it was very recent. See above why it isn't effective at this point. Most people who read it probably didn't care--even if they were hardcore Napster users hosting Metallica songs.
For a while the same could be said about HTTP. You are using that protocol to download the pages off this site. Do you think we should make the web illegal too?
What's wrong with porn? Maybe in Taliban infested areas they'll arrest you or kill you for possessing it, but I see nothing wrong with it, and in areas the Taliban is weak, it is perfectly legal.
Re:P2P and how the RIAA screwed up. (Score:2)
Yeah, but if some people take nekkid pictures of themselves and post them on a P2P network, they imply permission to copy it. Any dumbfuck with a digital camera or camcorder can make porn and upload it to the internet.
I was favoring higher quality and a long video with those figures. One could probably encode the file at 10 kB/s and still have reasonably decent video with some codecs. One could put together a workable computer for $500 if need be.
Your assumption that all the pr0n on the internet is made by some pay site who doesn't want it redistributed is shit. It doesn't take that much effort to produce it. The problem is many of the people who upload the material don't know anything about copyright law, so they don't indicate anywhere that you have permission to copy it. Yes, some of the files traded are used without the author's consent, but to automatically assume they all are is bogus shit.
With your mentality, you are violating copyright law, because for all you know, all the information on Slashdot is copyrighted by others and you don't have permission to download it. How can you be sure Slashdot, CNN, IMDB, Yahoo, and all the other sites really have permission to publish or own the material? Hmmm? How do you know a book, CD, DVD, or program you buy at the store was really published with the permission of the copyright owner? :-P~~
Re:Why not just use Web proxies (Score:2)
Re:Why not just use Web proxies (Score:1)
Password:
router# conf t
router(config)# ip access-list extended TRAFFIC-SHAPING
router(config-ext-nacl)# permit tcp any any estab
router(config-ext-nacl)# permit tcp any host 66.35.250.150 eq 80
router(config-ext-nacl)# deny ip any any log
router(config-ext-nacl)# exit
router(config)# exit
router# disable
router> exit
Re:Why not just use Web proxies (Score:1)
With the number of ISPs implementing transparent proxies upstream of their clients, I would risk saying that kazaa must have something in place to circumvent the proxy.
Please excuse my lack of technical insight. I'm just part of a user committee of an institution struggling against malicious abusers.
Users should not install software. Period. (Score:3, Interesting)
Re:Users should not install software. Period. (Score:1)
Exactly - it might not be the popular answer, but you are there to work. It sucks, but it is somebody else's money that's going into your pockets or bank account or whatever. It's their machines, their network, their time, their money. You're just a very expensive body which, if they could figure out a way to replace you, they would.
Mind you, I've seen this go in bad directions - I worked for one company that was so closed minded that it hurt productivity because they refused to even examine the acquisition of new versions of tools.
But P2P stuff? I don't see any reason for needing this on your desktop at all at work. Considering the last thing you need are the RIAA or MPAA cops or even your national police force coming in with a warrant for your arrest. That kind of negative PR can really mess up a company.
If you really have a great desire to get your hands on the N'Sync single, wait until you get home, or borrow it from one of your friends. Sheesh.
The Internet = the web (Score:1)
This is the "Blocking KaZaA" thread. You want "Stupid Security" further up the page.
it's about manageability (Score:2)
Re:Why not just use Web proxies (Score:1)
HTTP access at work... just firewall port 80 and be done with it.
(As an added bonus, this offers protection against the expenses associated with viewing of pr0n, political subversion, and posting to slashdot on the company dime.)
Fire 'em (Score:5, Funny)
Three suggestions:
NOTE: I am not a SysAdmin, but these options are from a layman's POV.
LART (Score:2)
From there, all you need is a good application of some LART to the user of said p2p software, preferably in the form of disciplinary (read: vigilante) action.
Of course, everyone will probably think you're an asshole. This is best mitigated by having an official policy behind you. That, or you can just LART everyone into submission.
Carrot-stick approach? (Score:3, Funny)
But the traffic is large and constant. Are they streaming radio, Kazaa'ing? I don't know. But they do want IMAP access to mailservers - doing SSH to a unix box and running 'pine' isn't enough for them - they want clicky clicky. So here's the deal. If that constant traffic goes, and it just looks like you are browsing, I'll enable IMAP access. Streaming traffic disappears.
All I need do is keep an eye on the packet counts. And save a stick for later - they're bound to want to use our printers at thesis-delivery time...
Re:Carrot-stick approach? (Score:2)
Bear in mind that under our Uni rules they have no right to a network point at all. I've already stepped over the line for them and asked them nicely not to abuse the connection with Kazaa et al.
Of course, calling me an obnoxious twat makes you seem more the arsehole. And a coward.
Education (Score:2, Informative)
That's what I was going to say... (Score:1)
Filtering by content, not by port? (Score:1)
CAR (Score:1)
a more polite solution (perhaps) (Score:1)
However, I believe that for each measure there will be a counter-measure and at some point it actually hurts either productivity or freedom of users. Well, while 'freedom' is not necessarily what the users should have in a computing environment, it may hinder creativity in the sense that each time somebody has some free time and likes to try some crazy idea he has to ask for permission, and will most likely be discouraged from tampering with the system.
Depending on how serious the problem is, I would try arguing with people, asking for integrity and common sense instead of imposing rules. If the problem is serious, however, go ahead and block everything which is not on the 'positive' list. To stop unwanted traffic, allow only high volume traffic to a list of 'allowed' ip addresses.
If traffic exceeds the allowed amount, you can make your proxy return a polite message instead of the wanted content.
IDS (Score:2)
Issues to consider (Score:3, Interesting)
Typically, I've heard of ISPs sending notices to customers asking them to remove the offending material. If the customer continues to download/share copyrighted material most ISPs will terminate the customer's account. If the bandwidth isn't an issue and the customer's business is valuable, it would make more sense to block Kazaa (for that customer; if you can't get them to stop sharing copyrighted content).
I did some googling in mid-November of last year and came across some interesting usenet posts relating to the topic. One poster went through all the normal ports that Kazaa used and blocked each one. Then s/he noticed that it used port 80. Later I ran into some docs where someone was using iptables (there was a post on one of the snort mailing lists about this as well) to block Kazaa traffic using '-m' and the 'X-Kazaa' header that it uses. I haven't had time to play with this though.
Good luck and please let us know what you find.
Commercial Shaper (Score:3, Informative)
The hard way: you could do it with a firewall, policy based routing or a L4 switch, and a transparent web proxy, but setup would be a bitch and if you are an ISP, you're going to have a lot of other headaches with a web proxy other than kazaa 2.
The easiest way to successfully bandwidth-limit or block kazaa 2 clients as far as I have seen is by using one of the commercial traffic shaping hardware or software solutions that have the capability of looking at stuff higher than L4. packeteer, et/bwmgr for linux or freebsd, etc. are software tools that do this, and there is hardware such as L7 switches that can accomplish similar feats also.
I haven't looked in a while at the new/upcoming Linux and BSD OS's ip matching rules. It's possible that there are now enough matchers to successfully block or bandwidth-limit kazaa 2 on them, so it may still be worth investigating in lieu of paying big bucks for shaper hardware/software.
~GoRK
DMCA (Score:2)
2) Watch for Kazaa connection switching to port 80
3) Sue under DMCA for circumventing your protection
Re:DMCA (Score:2)
2) Watch for Kazaa connection switching to port 80
3) Sue under DMCA for circumventing your protection
4) Profit!
Re:DMCA (Score:1)
4) Profit!!!!
Err...this is a pretty easy one (Score:3, Insightful)
Of course, this is yet another stopgap solution, just like blocking the original port. When Kazaa 3 or whatever moves to 443, you're going to be pretty much SOL. That's just the way the Internet works. Information tends to move around.
That's kind of too bad -- I'd love nothing more than to see Kazaa, the last of the major closed P2P protocols, go belly-up. I'm definitely rooting for the RIAA/MPAA on this one. Once it dies, people will be using open protocols.
My attitude is pretty much that you're better off throttling the bajeezus out of their traffic -- they exceed a quota, you clamp down on their rate. Trying to *block* something simply makes people try more solutions until they get around it, whereas data trickling in or out will usually keep them happy enough not to cause too many problems. The human side of things kind of has to be considered here.
I'd also like to say that I really loathe transparent proxies (nothing wrong with opaque proxies -- I run one myself -- but *forcing* the user to do something just causes problems). I also hate people that firewall *anything* outgoing, and most things incoming. Causes lots of pain to the user, and not a lot of long term benefit. Eventually, everything except 80 outbound and 443 outbound are going to be firewalled. Then everything will end up using SOAP or tunneling over 443 to communicate just to get by. As a result, in a few years the Internet will be slower and less reliable, and security and ability to "control" what users do will be less there.
My interests and work tend to lie in security, and I *still* think that most security-oriented admins have their heads up their asses. What's needed is a *good* fix, not a slapdash thing like firewalling off a port or two. Kazaa uses too much bandwidth? Provide an alternative that costs you less (a la the school that wanted to reduce P2P bandwidth -- they made a P2P filesharing app that only talked to other machines on the school network). Trying to perfectly control human behavior hasn't been practical since the dawn of time, and the introduction of the computer isn't going to make it suddenly feasible.
Re:Err...this is a pretty easy one (Score:1)
been there. done that. Ok so it wasn't the school that did it and they officially do not approve its usage of course but I had a group of friends that went ahead and did just that: created a gnutella clone that worked only in the school's class B IP range and it works beautifully. It's now in the hands of new maintainers and 4th generation.
Bandwidth usage is better (although last time I heard the connection was at nearly 100% usage for most of the waking hours) and best of all people don't have to go out to the internet to download their favorite Pr0n^N^N^N^N educational information
-CH
easy solution (Score:2)
Uninstall KaZaA from the computers, then block kazaa.com (and the other major filesharing program sites). That'll stop the vast majority of users from reinstalling it.
Blocking Won't Stop Many. But NT Policies will. (Score:2)
What needs to be done is lock down via policies to prevent users from running anything that isn't on 'the list'..
Instant solution for a business that has a NT Domain or AD network...
Monitor and Bill (Score:2)
As someone has already stated, the blocking/counter-blocking cycle can go on forever, so the only real way to solve the problem is through social engineering. For that, there's nothing quite as effective as hitting them where it hurts: right in the wallet!
I don't know if that's a viable solution in your particular situation or not, but that's certainly the angle I would be pursuing in your situation. It may simply be enough to add such a clause in your AUP and make sure everyone is advised of it, but in most situations it's helpful to make an example or two (per year, if you're at a school).
Solution to bandwidth probs (Score:1)
This cuts the duplicate files coming in on Kazaa. Sounds silly but it works.
The reason we don't mind Kazaa is we pay for 3Gb/month, what we don't use is lost so we pull in what we can at the end of the month.
Solution to banners/popups/spyware probs (Score:1)
NB: Updated hosts files are available on Kaz itself!
I tried to post it below but the fsckin lameness filter squishes it!
Re:Solution to bandwidth probs (Score:2)
Re:Solution to bandwidth probs (Score:1)
Rhetoric like this only misses the point.
The downloads are going to happen. One way cuts down the bandwidth use drastically.
Leave the nonsense out of it.
Solution - inspect packets with Linux (Score:3, Informative)
The solution was invented a while ago. Just block/trafshape any packets with the X-Kazaa string. Like that:
# user-defined chain that shapes or drops the matched traffic; must exist before the rules below reference it
iptables -t mangle -N kazaa-out
iptables -t mangle -I FORWARD 1 -i eth0 -m recent --update --seconds 60 --rdest --name kazaa -j kazaa-out
iptables -t mangle -I FORWARD 2 -i eth1 -m recent --update --seconds 60 --rsource --name kazaa
iptables -t mangle -I FORWARD 3 -i eth1 -m string --algo bm --string "X-Kazaa" -m recent --name kazaa --set --rsource
iptables -t mangle -I FORWARD 4 -o eth1 -m string --algo bm --string "X-Kazaa" -m recent --name kazaa --set --rdest -j kazaa-out
(You may want to change "Kazaa" into a mixed-case version. But you KNOW that. You have analyzed Kazaa packets, you know what kazaa's headers look like. You are a netadmin, aren't you?)
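The header-based detection that this post and the earlier "Issues to consider" post describe, as an added example that is not part of the original thread or of iptables. It does in userspace what the `-m string --string "X-Kazaa"` plus `-m recent` rules do on the wire: look for X-Kazaa-* request headers regardless of case (the mixed-case caveat above), then keep the source listed for 60 seconds so its other flows are shaped as well. All requests are constructed samples and the header names are illustrative, not a specification of the Kazaa protocol.

```python
"""Flagging Kazaa HTTP traffic by its X-Kazaa request headers."""
import re

RECENT_SECONDS = 60  # same window as '--seconds 60' in the iptables rules
HEADER_NAME_RE = re.compile(rb"^x-kazaa", re.IGNORECASE)


def kazaa_headers(raw):
    """Return the X-Kazaa-* header names found in one raw HTTP request."""
    head = raw.partition(b"\r\n\r\n")[0]
    found = []
    for line in head.split(b"\r\n")[1:]:        # [1:] skips the request line
        name, sep, _ = line.partition(b":")
        name = name.strip()
        if sep and HEADER_NAME_RE.match(name):
            found.append(name.decode("ascii", "replace"))
    return found


class RecentList:
    """Minimal stand-in for the iptables 'recent' match: an address stays
    listed for 'window' seconds after it was last set or updated."""

    def __init__(self, window=RECENT_SECONDS):
        self.window = window
        self._last_seen = {}

    def set(self, addr, now):                      # like --set
        self._last_seen[addr] = now

    def update(self, addr, now):                   # like --update --seconds N
        last = self._last_seen.get(addr)
        if last is None or now - last >= self.window:
            self._last_seen.pop(addr, None)        # entry expired
            return False
        self._last_seen[addr] = now                # refresh the timestamp
        return True


def classify_flows(flows):
    """flows: (timestamp, src_ip, payload) in time order; payload is the raw
    HTTP request or None for non-HTTP data. Returns one verdict per flow."""
    recent = RecentList()
    verdicts = []
    for ts, src, payload in flows:
        if payload is not None and kazaa_headers(payload):
            recent.set(src, ts)          # header seen: list the source (--set --rsource)
            verdicts.append("shape")
        elif recent.update(src, ts):     # source listed recently: shape this flow too
            verdicts.append("shape")
        else:
            verdicts.append("pass")
    return verdicts


# Constructed sample requests (hypothetical header values, port 1214 is Kazaa's default).
KAZAA_REQ = (b"GET /.hash=constructed HTTP/1.1\r\nHost: 10.0.0.5:1214\r\n"
             b"X-Kazaa-Username: sample-user\r\nX-Kazaa-Network: KaZaA\r\n\r\n")
LOWER_REQ = b"GET / HTTP/1.1\r\nHost: 10.0.0.9:1214\r\nx-kazaa-network: kazaa\r\n\r\n"
WEB_REQ = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

SAMPLE_FLOWS = [
    (0,   "10.0.0.5", KAZAA_REQ),   # flagged by header
    (10,  "10.0.0.5", None),        # no header, but source was listed 10 s ago
    (30,  "10.0.0.7", WEB_REQ),     # ordinary browsing
    (40,  "10.0.0.9", LOWER_REQ),   # mixed-case header still caught
    (100, "10.0.0.5", WEB_REQ),     # listing expired (last update at t=10)
]

if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, classify_flows(SAMPLE_FLOWS)):
        print(flow[0], flow[1], verdict)
```

Only flows on the decrypting side of the connection can be inspected this way; the port-80 traffic the question describes as encrypted carries no readable header to match.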
Re: (Score:1)
Easily solved (Score:1)