P2P apps work by first optionally connecting to a central server to register their presence, and then connecting to peers (remote machines) on one or more specified ports for downloads. We'll use the latter parameter (the port on which the P2P apps connect to the peers) to block Kazaa and Gnutella.
You can use any packet-filtering firewall, like ipchains or iptables in Linux or ISA Server in Win 2000 Server, to achieve this. We used BBIagent, a Linux router software that also has firewalling capabilities. (To set up BBIagent, see Router on a Floppy, page 48, PCQuest, August 2002.) Once set up, launch the BBIagent Explorer as explained in the article. Then click on the Access Control tab to define the blocking rules.
Kazaa connects to other peers running Kazaa on port 1214. So, the best way to block Kazaa downloads is to reject incoming and outgoing data packets (both TCP and UDP) on this port. To block TCP packets in BBIagent, go to Access Control. Here, in the Connection, Protocol and State drop-down menus, select Reject, TCP and All, respectively. In the text field labeled Service Port, type in 1214. Click the Insert button to add the rule.
You can block downloads through Kazaa and Gnutella-based P2P apps by blocking the ports they use to connect to the peers
To block UDP, insert the same rule as above, but select UDP from the Protocol drop-down list, in place of TCP. Henceforth, network users will be able to connect to Kazaa and search for content, but won't be able to download anything.
Block Gnutella clients
P2P apps that use the Gnutella network connect to peers on ports 6346 and 6347. We tried to block two such apps, Morpheus and Limewire. To do so, in the BBIagent Access Control section, as mentioned above, keep everything the same and enter 6346-6347 for the Service ports, and TCP for Protocol. Click on the Insert button to enable the rule. Create a similar rule for UDP traffic.
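For readers using iptables rather than BBIagent, the Kazaa and Gnutella rules described above can be generated as shown here. This is an added example, not part of the original article; it assumes the Linux machine routes traffic for the LAN (so rules go in the FORWARD chain) and matches on the destination port, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit iptables commands equivalent to the BBIagent rules above.
# Assumption: this box forwards traffic for the LAN, so rules are appended to
# FORWARD and match the destination port (the peer's listening port).

# Ports taken from the article: Kazaa 1214, Gnutella 6346-6347.
P2P_PORTS="1214 6346:6347"

# valid_port_spec PORT|LOW:HIGH -> returns 0 only for a sane port or range,
# so nothing but digits and one colon ever reaches the generated command line.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# p2p_block_rules [PORTSPEC...] -> prints one REJECT rule per protocol and port.
# With no arguments it uses the article's ports.
p2p_block_rules() {
    [ $# -gt 0 ] || set -- $P2P_PORTS
    for spec in "$@"; do
        valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
        # TCP: answer with a RST so clients fail fast instead of timing out.
        echo "iptables -A FORWARD -p tcp --dport $spec -j REJECT --reject-with tcp-reset"
        # UDP: REJECT's default reply is ICMP port-unreachable.
        echo "iptables -A FORWARD -p udp --dport $spec -j REJECT"
    done
}

# "sh thisfile show" prints the rules for review. To load them, run the
# printed commands as root on the router.
if [ "${1:-}" = "show" ]; then
    p2p_block_rules
fi
```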