Security Basics mailing list archives

RE: Kazza and ISA server

From: Tim Donahue <TDonahue () haynesconstruction com>
Date: Tue, 26 Aug 2003 12:07:45 -0400

The best way to block these services is generally to deny access to the
server that they are trying to connect to.  I have tried blocking them, but
got side tracked from that project and never got back to it.  I have heard
(I think on this list) that is is possible to do if you put the time into
it.  I would probably start with a google search, there may be lists of the
servers out there to give you a good starting point.

Tim Donahue

-----Original Message-----
From: Shaikh Al Hadi Rasool [mailto:sahadir () precience com] 
Sent: Tuesday, August 26, 2003 1:36 AM
To: Maher Odeh; Alaa Shaheen; security-basics () securityfocus com
Subject: Re: Kazza and ISA server


Hi All,

Anyone has an idea how to block Instant messaging service like (MSN =
messanger,Yahoo messanger Aol instant messanger etc,etc  through ISA =
Server. And can anybody tell me how to restrict FTP and give on the user a =
scheduler basis permission of FTP through ISA Server. Example if i = wanted
to give a user permission by the clock 11 in the morning till 1 = pm only
then a user can download. or they have the FTP permission = enabled.

Thanks,
Shaikh Al Hadi Rasool.







----- Original Message -----
From: "Maher Odeh" <rax () netvision net il>
To: "Alaa Shaheen" <Ashaheen () aedegypt org>;
<security-basics () securityfocus com>
Sent: Sunday, August 24, 2003 1:39 PM
Subject: RE: Kazza and ISA server

Taken from: 
http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/21/pid/802/qid/464
81
4



First, I am not familiar with ISA server (mostly checkpoint) but, 
maybe blocking access based on headers is a better way. it is possible 
to make kazaa work with port 80 rather than 1214. So they will pass.
But you may block certain headers like:
"GET /.hash*"
"UserAgent: KazaaClient"
"X-Kazaa*" (a few headers start with this)

And according to Microsoft, you can do this with URLScan Web Filter 
for
ISA:
http://download.microsoft.com/download/4/c/b/4cbe9a1f-8d97-4c71-b6b3-d96
7924981db/urlscan_readme.htm

I had no chance to try this at ISA server but I hope it works for you.

greetz,

Rule0

-----Original Message-----
From: Alaa Shaheen [mailto:Ashaheen () aedegypt org]
Sent: Friday, August 22, 2003 5:43 PM
To: security-basics () securityfocus com
Subject: Kazza and ISA server

Hi All

I am having a little problem of controlling the traffic passing 
through my ISA server, specially the P2P file sharing programs such as 
Kazza and Imesh

Did anyone knows how to block Kazza traffic using the ISA server ?

Thanks in advance for your help

Alaa Shaheen

----------------------------------------------------------------------
--
---
------------------------------------------------------------------------
----




----------------------------------------------------------------------
----

Attend Black Hat Briefings & Training Federal, September 29-30 
(Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's 
premier technical IT security event.  Modeled after the famous Black 
Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers 
and sponsors. Symantec is the Diamond sponsor.  Early-bird 
registration ends September

6.Visit us: www.blackhat.com

----------------------------------------------------------------------
----

--


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

Current thread:

Kazza and ISA server Alaa Shaheen (Aug 22)
- <Possible follow-ups>
- RE: Kazza and ISA server Joey Peloquin (Aug 25)
  - Re: Kazza and ISA server Shaikh Al Hadi Rasool (Aug 26)
- RE: Kazza and ISA server Maher Odeh (Aug 25)
  - Re: Kazza and ISA server Shaikh Al Hadi Rasool (Aug 26)
  - Re: Kazza and ISA server Cosme Morales (Aug 26)
- RE: Kazza and ISA server Maher Odeh (Aug 26)
- RE: Kazza and ISA server Tony Fondo (Aug 26)
- Re: Kazza and ISA server Marc Ciel (Aug 26)
- RE: Kazza and ISA server Tim Donahue (Aug 26)