Blocking P2P apps

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 12 May 2004 19:06:24 -0500

Hi CyberQuest,

The problem with blocking P2P apps, like the dreaded Kazaa, is that they
use methods to scan the firewall and find an available port. They will
use a default port, but if that default port is not available, then they
will use an alternate port. Kazaa will end up using TCP 80 if it can't
access any other port. This makes it very difficult to whack Kazaa-like
apps because if they use an alternate port, other than TCP 80, you have
to perform deep inspection of every packet going outbound through the
firewall. There are products that do just this, like the Akonix L7 for
ISA Server solution.

On the other hand, if you restrict your users to just TCP 80 and use the
ISA Server 2004 advanced HTTP security filter, you can check the HTTP
headers and block the connections that contain the P2P headers. I've
done this already with ISA Server 2004 and it works a treat! The
drawback is the users who you want to block in this way must be
restricted to HTTP *only*.

HTH,

Tom

Thomas W Shinder

www.isaserver.org/shinder

ISA 2004 Beta - Get it now!

http://www.microsoft.com/isaserver/beta/default.asp

ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
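An added example, not part of the original post and not ISA Server's own filter: a small Python sketch of the header check described above, applied to outbound requests on an HTTP-only egress path. The signature list is an assumption (header names commonly documented for Kazaa-era clients, not given in the post), and the sample requests are constructed.

```python
import re

# Assumed signatures, not from the post: (header name, substring of value).
# An empty substring means the header's presence alone is a match.
P2P_SIGNATURES = [
    ("p2p-agent", ""),
    ("x-kazaa-network", ""),
    ("x-kazaa-username", ""),
    ("user-agent", "kazaaclient"),
]
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")

def parse_headers(raw: bytes):
    """Return [(lowercased name, value), ...], or None if raw is not an HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.match(lines[0]):
        return None
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            return None  # malformed header line: treat as non-HTTP
        headers.append((name.strip().lower().decode("latin-1"),
                        value.strip().decode("latin-1")))
    return headers

def verdict(raw: bytes) -> str:
    """Decide what an HTTP-only egress policy does with one outbound request."""
    headers = parse_headers(raw)
    if headers is None:
        # Non-HTTP traffic on TCP 80 is refused; header checks cannot see it.
        return "block: not valid HTTP"
    for name, value in headers:
        for sig_name, sig_value in P2P_SIGNATURES:
            if name == sig_name and sig_value in value.lower():
                return f"block: P2P header {name}"
    return "allow"

# Constructed sample requests (not captured traffic).
BROWSER = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: Mozilla/4.0\r\n\r\n"
KAZAA = b"GET /.hash=abc HTTP/1.1\r\nHost: 10.0.0.5\r\nX-Kazaa-Network: KaZaA\r\n\r\n"
TUNNEL = b"\x16\x03\x01\x00\x2e binary protocol on port 80"

if __name__ == "__main__":
    for sample in (BROWSER, KAZAA, TUNNEL):
        print(verdict(sample))
```

The third sample shows why the users must be restricted to HTTP only: anything that does not parse as HTTP has no headers to inspect, so the policy has to refuse it outright.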
