Artur Sampaio wrote:
Hi again, guys. I found a set of iptables rules that (at least in theory) block kazaa... What do you think about?
/sbin/iptables -A INSPECT -p TCP -m string --string "X-Kazaa-Username:" -j INSDROP /sbin/iptables -A INSPECT -p TCP -m string --string "X-Kazaa-Network:" -j INSDROP /sbin/iptables -A INSPECT -p TCP -m string --string "X-Kazaa-SupernodeIP:" -j INSDROP
Thanks a lot, one more time
(and, one more time, sorry for my english.... I promess that i try to
enhance it)
:)
Arthur,
looks like this rule may work. But you have to do some tests to see.. I suggest using Ethereal on the machine which shares the connection. Then look for data containing these strings.. If they really exist in the traffic , then they may work (never tested rules like those before , but if all the options are on man and these strings are really sent by kazaa, then they'll work)
But a little warning... try to sniff the network when you have traffic coming only from the w2k machine.. This will reduce the size of the capture log and make your job easier... Also I suggest you to save this dump to a faster machine and analyze it there....
-- Pedro Macedo
