From: McClure, Allen (Allen.McClure@Tricon-Yum.Com)
Date: Wed Nov 27 2002 - 11:05:21 GMT-3
It is a beta PDLM. I've not had any success with it either =\
Allen McClure
MCSE, CCNP, CCDP
YUM! Brands, Inc.
Sr. Network Analyst
NEW E-Mail - mailto:allen.mcclure@yum.com
972-338-7494
-----Original Message-----
From: Chuck Church [mailto:cchurch@optonline.net]
Sent: Tuesday, November 26, 2002 9:23 PM
To: McClure, Allen; ccielab@groupstudy.com
Subject: OT: Blocking Kazaa, new PDLM
Allen,
Been playing with the new PDLM tonight a little. I didn't realize
that it created a new protocol called kazaa2, which doesn't get listed
in the 'sh ip nbar port-map'. Does show up in the 'sh ip nbar
protocol-discovery' though. I guess that makes sense, since it's not a
port-dependant thing now. But it still doesn't seem to work very well.
It seems to recognize some packets when searching in Kazaa, but none
during the actual transfer. Some packets are detected via the 'match
protocol', but not in the 'sh ip nbar protocol-discovery'. Anyway, I
did add both the match protocol kazaa and kazaa file-transfer "*"
statements. But when I actually tried to block those packets matching
kazaa2, the searches still worked, indicating it has a backup method if
the first way doesn't work. This was with Kazaa 2.02. Any luck on your
end? I can't imagine rate-limiting just the queries would have much of
an effect, as the file xfer is what sucks up all the BW. I assume this
is a beta version of the PDLM?
Thanks,
Chuck Church
CCIE #8776, MCNE, MCSE
----- Original Message -----
From: "McClure, Allen" <Allen.McClure@Tricon-Yum.Com>
To: "Chuck Church" <cchurch@optonline.net>
Sent: Tuesday, November 26, 2002 11:30 AM
Subject: RE: Morpheus, Kazaa, Fasttrack
> Here ya go. I hope this helps. My understanding is that this uses
> something from fasttrack.pdlm, so you may need to match on that one
> too.
>
> I'm throwing the book at this thing (a bunch of match protocols,
> including a custom) and can't get it to respond. I've tried the
> blocking and choking approach as well.
>
> Let me know how it goes for you.
>
> Allen McClure
> MCSE, CCNP, CCDP
> YUM! Brands, Inc.
> Sr. Network Analyst
> NEW E-Mail - mailto:allen.mcclure@yum.com
> 972-338-7494
>
>
> -----Original Message-----
> From: Chuck Church [mailto:cchurch@optonline.net]
> Sent: Tuesday, November 26, 2002 10:24 AM
> To: McClure, Allen
> Subject: Re: Morpheus, Kazaa, Fasttrack
>
>
> Allen,
>
> Could you email me that new PDLM? I think my TAC engineer is on
> vacation. I've had some luck with adding some port numbers to the old
> one, maybe there's a combo that works better with this second one.
>
> Thanks,
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
>
>
> ----- Original Message -----
> From: "McClure, Allen" <Allen.McClure@Tricon-Yum.Com>
> To: <ccielab@groupstudy.com>
> Sent: Tuesday, November 26, 2002 10:34 AM
> Subject: OT: Morpheus, Kazaa, Fasttrack
>
>
> > Has anyone figured out how to successfully block or police this junk
> > yet? I've been messing with NBAR quite a bit and have even gotten a
> > new kazaa2.pdlm from Cisco TAC. VERY limited success.
> >
> > This is killing me. Can anyone shed light on a Cisco way of doing
> > this? I'm not concerned with old versions of the software or the
> > 1214 port (doesn't work).
> >
> > Thanks in advance for any help!
> >
> > Allen McClure
> > MCSE, CCNP, CCDP
> >
> >
> >
> > This communication is confidential and may be legally privileged.
> > If you
> are
> > not the intended recipient, (i) please do not read or disclose to
> > others,
> (ii)
> > please notify the sender by reply mail, and (iii) please delete this
> > communication from your system. Failure to follow this process may
> > be
>
> > unlawful. Thank you for your cooperation.
> >
>
>
>
>
> This communication is confidential and may be legally privileged. If
> you
are not the intended recipient, (i) please do not read or disclose to
others, (ii) please notify the sender by reply mail, and (iii) please
delete this communication from your system. Failure to follow this
process may be unlawful. Thank you for your cooperation.
>
This communication is confidential and may be legally privileged. If you are not the intended recipient, (i) please do not read or disclose to others, (ii) please notify the sender by reply mail, and (iii) please delete this communication from your system. Failure to follow this process may be unlawful. Thank you for your cooperation.
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:11 GMT-3