From: Chuck Church (cchurch@optonline.net)
Date: Wed Nov 27 2002 - 00:22:47 GMT-3
Allen,
Been playing with the new PDLM tonight a little. I didn't realize that
it created a new protocol called kazaa2, which doesn't get listed in the 'sh
ip nbar port-map'. Does show up in the 'sh ip nbar protocol-discovery'
though. I guess that makes sense, since it's not a port-dependant thing
now. But it still doesn't seem to work very well. It seems to recognize
some packets when searching in Kazaa, but none during the actual transfer.
Some packets are detected via the 'match protocol', but not in the 'sh ip
nbar protocol-discovery'. Anyway, I did add both the match protocol kazaa
and kazaa file-transfer "*" statements. But when I actually tried to block
those packets matching kazaa2, the searches still worked, indicating it has
a backup method if the first way doesn't work. This was with Kazaa 2.02.
Any luck on your end? I can't imagine rate-limiting just the queries would
have much of an effect, as the file xfer is what sucks up all the BW. I
assume this is a beta version of the PDLM?
Thanks,
Chuck Church
CCIE #8776, MCNE, MCSE
----- Original Message -----
From: "McClure, Allen" <Allen.McClure@Tricon-Yum.Com>
To: "Chuck Church" <cchurch@optonline.net>
Sent: Tuesday, November 26, 2002 11:30 AM
Subject: RE: Morpheus, Kazaa, Fasttrack
> Here ya go. I hope this helps. My understanding is that this uses
> something from fasttrack.pdlm, so you may need to match on that one
> too.
>
> I'm throwing the book at this thing (a bunch of match protocols,
> including a custom) and can't get it to respond. I've tried the
> blocking and choking approach as well.
>
> Let me know how it goes for you.
>
> Allen McClure
> MCSE, CCNP, CCDP
> YUM! Brands, Inc.
> Sr. Network Analyst
> NEW E-Mail - mailto:allen.mcclure@yum.com
> 972-338-7494
>
>
> -----Original Message-----
> From: Chuck Church [mailto:cchurch@optonline.net]
> Sent: Tuesday, November 26, 2002 10:24 AM
> To: McClure, Allen
> Subject: Re: Morpheus, Kazaa, Fasttrack
>
>
> Allen,
>
> Could you email me that new PDLM? I think my TAC engineer is on
> vacation. I've had some luck with adding some port numbers to the old
> one, maybe there's a combo that works better with this second one.
>
> Thanks,
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
>
>
> ----- Original Message -----
> From: "McClure, Allen" <Allen.McClure@Tricon-Yum.Com>
> To: <ccielab@groupstudy.com>
> Sent: Tuesday, November 26, 2002 10:34 AM
> Subject: OT: Morpheus, Kazaa, Fasttrack
>
>
> > Has anyone figured out how to successfully block or police this junk
> > yet? I've been messing with NBAR quite a bit and have even gotten a
> > new kazaa2.pdlm from Cisco TAC. VERY limited success.
> >
> > This is killing me. Can anyone shed light on a Cisco way of doing
> > this? I'm not concerned with old versions of the software or the 1214
> > port (doesn't work).
> >
> > Thanks in advance for any help!
> >
> > Allen McClure
> > MCSE, CCNP, CCDP
> >
> >
> >
> > This communication is confidential and may be legally privileged. If
> > you
> are
> > not the intended recipient, (i) please do not read or disclose to
> > others,
> (ii)
> > please notify the sender by reply mail, and (iii) please delete this
> > communication from your system. Failure to follow this process may be
>
> > unlawful. Thank you for your cooperation.
> >
>
>
>
>
> This communication is confidential and may be legally privileged. If you
are not the intended recipient, (i) please do not read or disclose to
others, (ii) please notify the sender by reply mail, and (iii) please delete
this communication from your system. Failure to follow this process may be
unlawful. Thank you for your cooperation.
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:11 GMT-3