Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Kazza and ISA server

From: "Cosme Morales" <cosme () geisha com mx>
Date: Mon, 25 Aug 2003 16:19:38 -0500
may you want to able only the web browsing, and the mail ports(25,110)
so you are going to have blocked by default that services.

in ISA server whatever is not allowed expresally is denied.

in your "protocols rule" only allow tcp for 80, 25 and 110, on a rule maybe
named "correct inet".
usually there are configured a rule named (Internet) than allows everything.

if you make a "protocol rule" than only allows what I mentioned, chance it
works like you want.

hope it works (I tested on my own ISA server) for you.

on dude mail me.

----- Original Message ----- 
From: "Maher Odeh" <rax () netvision net il>
To: "Alaa Shaheen" <Ashaheen () aedegypt org>;
<security-basics () securityfocus com>
Sent: Sunday, August 24, 2003 3:39 AM
Subject: RE: Kazza and ISA server


Taken from:
http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/21/pid/802/qid/46481
4



First, I am not familiar with ISA server (mostly checkpoint) but, maybe
blocking access based on headers is a better way.
it is possible to make kazaa work with port 80 rather than 1214. So they
will pass.
But you may block certain headers like:
"GET /.hash*"
"UserAgent: KazaaClient"
"X-Kazaa*" (a few headers start with this)

And according to Microsoft, you can do this with URLScan Web Filter for
ISA:
http://download.microsoft.com/download/4/c/b/4cbe9a1f-8d97-4c71-b6b3-d96
7924981db/urlscan_readme.htm

I had no chance to try this at ISA server but I hope it works for you.

greetz,

Rule0

-----Original Message-----
From: Alaa Shaheen [mailto:Ashaheen () aedegypt org]
Sent: Friday, August 22, 2003 5:43 PM
To: security-basics () securityfocus com
Subject: Kazza and ISA server

Hi All

I am having a little problem of controlling the traffic passing through
my ISA server, specially the P2P file sharing programs such as Kazza and
Imesh

Did anyone knows how to block Kazza traffic using the ISA server ?

Thanks in advance for your help

Alaa Shaheen

------------------------------------------------------------------------
---
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: