Security Basics mailing list archives
Re: Kazza and ISA server
From: "Cosme Morales" <cosme () geisha com mx>
Date: Mon, 25 Aug 2003 16:19:38 -0500
may you want to able only the web browsing, and the mail ports(25,110) so you are going to have blocked by default that services. in ISA server whatever is not allowed expresally is denied. in your "protocols rule" only allow tcp for 80, 25 and 110, on a rule maybe named "correct inet". usually there are configured a rule named (Internet) than allows everything. if you make a "protocol rule" than only allows what I mentioned, chance it works like you want. hope it works (I tested on my own ISA server) for you. on dude mail me. ----- Original Message ----- From: "Maher Odeh" <rax () netvision net il> To: "Alaa Shaheen" <Ashaheen () aedegypt org>; <security-basics () securityfocus com> Sent: Sunday, August 24, 2003 3:39 AM Subject: RE: Kazza and ISA server Taken from: http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/21/pid/802/qid/46481 4 First, I am not familiar with ISA server (mostly checkpoint) but, maybe blocking access based on headers is a better way. it is possible to make kazaa work with port 80 rather than 1214. So they will pass. But you may block certain headers like: "GET /.hash*" "UserAgent: KazaaClient" "X-Kazaa*" (a few headers start with this) And according to Microsoft, you can do this with URLScan Web Filter for ISA: http://download.microsoft.com/download/4/c/b/4cbe9a1f-8d97-4c71-b6b3-d96 7924981db/urlscan_readme.htm I had no chance to try this at ISA server but I hope it works for you. greetz, Rule0 -----Original Message----- From: Alaa Shaheen [mailto:Ashaheen () aedegypt org] Sent: Friday, August 22, 2003 5:43 PM To: security-basics () securityfocus com Subject: Kazza and ISA server Hi All I am having a little problem of controlling the traffic passing through my ISA server, specially the P2P file sharing programs such as Kazza and Imesh Did anyone knows how to block Kazza traffic using the ISA server ? Thanks in advance for your help Alaa Shaheen ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Kazza and ISA server Alaa Shaheen (Aug 22)
- <Possible follow-ups>
- RE: Kazza and ISA server Joey Peloquin (Aug 25)
- Re: Kazza and ISA server Shaikh Al Hadi Rasool (Aug 26)
- RE: Kazza and ISA server Maher Odeh (Aug 25)
- Re: Kazza and ISA server Shaikh Al Hadi Rasool (Aug 26)
- Re: Kazza and ISA server Cosme Morales (Aug 26)
- RE: Kazza and ISA server Maher Odeh (Aug 26)
- RE: Kazza and ISA server Tony Fondo (Aug 26)
- Re: Kazza and ISA server Marc Ciel (Aug 26)
- RE: Kazza and ISA server Tim Donahue (Aug 26)