Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Kazza and ISA server

From: "Stuart" <secmail () patchsupplier dyndns org>
Date: Sat, 30 Aug 2003 11:10:58 +0100
Hi,

www.isaserver.org is a brilliant resource for ISA server information.
There is an article on there about blocking kazaa and in the forums
there is also information about blocking kazaa. There are microsoft
newsgroups that can be accessed from news.microsoft.com (if you don't
have an nntp server) which are microsoft.public.isa.* *there are a few
groups such as client , server config and so on.

Hope this helps

Stu

-----Original Message-----
From: Tim Donahue [mailto:TDonahue () haynesconstruction com] 
Sent: 26 August 2003 17:08
To: 'Shaikh Al Hadi Rasool'
Cc: 'security-basics () securityfocus com'
Subject: RE: Kazza and ISA server


The best way to block these services is generally to deny access to the
server that they are trying to connect to.  I have tried blocking them,
but got side tracked from that project and never got back to it.  I have
heard (I think on this list) that is is possible to do if you put the
time into it.  I would probably start with a google search, there may be
lists of the servers out there to give you a good starting point.

Tim Donahue

-----Original Message-----
From: Shaikh Al Hadi Rasool [mailto:sahadir () precience com] 
Sent: Tuesday, August 26, 2003 1:36 AM
To: Maher Odeh; Alaa Shaheen; security-basics () securityfocus com
Subject: Re: Kazza and ISA server


Hi All,

Anyone has an idea how to block Instant messaging service like (MSN =
messanger,Yahoo messanger Aol instant messanger etc,etc  through ISA =
Server. And can anybody tell me how to restrict FTP and give on the user
a = scheduler basis permission of FTP through ISA Server. Example if i =
wanted to give a user permission by the clock 11 in the morning till 1 =
pm only then a user can download. or they have the FTP permission =
enabled.

Thanks,
Shaikh Al Hadi Rasool.







----- Original Message -----
From: "Maher Odeh" <rax () netvision net il>
To: "Alaa Shaheen" <Ashaheen () aedegypt org>;
<security-basics () securityfocus com>
Sent: Sunday, August 24, 2003 1:39 PM
Subject: RE: Kazza and ISA server



Taken from:
http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/21/pid/802/qid/464
81
4



First, I am not familiar with ISA server (mostly checkpoint) but,
maybe blocking access based on headers is a better way. it is possible



to make kazaa work with port 80 rather than 1214. So they will pass.
But you may block certain headers like:
"GET /.hash*"
"UserAgent: KazaaClient"
"X-Kazaa*" (a few headers start with this)

And according to Microsoft, you can do this with URLScan Web Filter
for
ISA:


http://download.microsoft.com/download/4/c/b/4cbe9a1f-8d97-4c71-b6b3-d96

7924981db/urlscan_readme.htm

I had no chance to try this at ISA server but I hope it works for you.

greetz,

Rule0

-----Original Message-----
From: Alaa Shaheen [mailto:Ashaheen () aedegypt org]
Sent: Friday, August 22, 2003 5:43 PM
To: security-basics () securityfocus com
Subject: Kazza and ISA server

Hi All

I am having a little problem of controlling the traffic passing
through my ISA server, specially the P2P file sharing programs such as



Kazza and Imesh

Did anyone knows how to block Kazza traffic using the ISA server ?

Thanks in advance for your help

Alaa Shaheen

----------------------------------------------------------------------
--
---
----------------------------------------------------------------------
--
----




----------------------------------------------------------------------
----

-

Attend Black Hat Briefings & Training Federal, September 29-30
(Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's 
premier technical IT security event.  Modeled after the famous Black 
Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers 
and sponsors. Symantec is the Diamond sponsor.  Early-bird 
registration ends September

6.Visit us: www.blackhat.com

----------------------------------------------------------------------
----

--


------------------------------------------------------------------------
---
Attend Black Hat Briefings & Training Federal, September 29-30
(Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event
in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
------------------------------------------------------------------------
----


------------------------------------------------------------------------
---
Attend Black Hat Briefings & Training Federal, September 29-30
(Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event
in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: