How Kazaa Works The inner workings of Kazaa and other Peer-2-Peer technologies By Troy Jessup

Terms of Use Use of this presentation is granted to education and non- profit entities for education in security topics as described herein. The following limitations and restrictions apply: –The content of this presentation remain unchanged from its original published format, except for updates to the content for accuracy or current tactics/trends –Any changes made to the presentation are understood to not be the original work of the author, and noted in the presentation as such. –Credit to the author is retained as-is in the original presentation format. –Use by “for profit” or “commercial” entities must be granted permission by the author, and are subject to further restrictions.

About the Author Troy Jessup (CISSP) –Sr. Security Analyst for the Utah Education Network –Security Professional for 6 years –Author of Security related articles and information available free to the public at the URL listed below. –Updates to this and other presentations are available via the website:

The History Kazaa Version 1 –Basic Design in Peer to Peer (P2P) –Followed in the footsteps of Napster –Static use of Port 1214/TCP for access

The Present Kazaa Version 2 –Basic Design in Peer to Peer (P2P) –Follows in the footsteps of Gnutella and Napster –Dynamic use of Port nearly ANY port for access –Block and Firewall Evasion Built in.

How Kazaa v2 Works Kazaa Client on your Network The Kazaa Network Kazaa Client on a Remote Network Normal File Sharing Concept for Kazaa Version 2 File List This Client Registers itself on Port 1214/TCP with the Kazaa Network This Client Sends a List of Shared Files to the Network This Client Searches for a File which the other client has available The Network Responds with a Client ID to connect to for the file The Client Initiates a Connection to the Hosting Client This client Responds to the request and sends back the file

File List How Kazaa v2 Works – Blocked From the Outside Kazaa Client on your Network The Kazaa Network Kazaa Client on a Remote Network What Happens if we Try to Block Port 1214/TCP This Client Registers itself on Port 1214/TCP with the Kazaa Network This Client Sends a List of Shared Files to the Network This Client Searches for a File which the other client has available The Network Responds with a Client ID to connect to for the file The Client Initiates a Connection to the Hosting Client and is Blocked This client PUSHES the File to the other Client Firewall X This Client Tells the Network that the Host is Blocked As part of the KeepAlive, The Network Sends a Msg to the Client

File List How Kazaa v2 Works – Blocked From the Inside and Outside Kazaa Client on your Network The Kazaa Network Kazaa Client on a Remote Network What Happens if we Try to Block Port 1214/TCP Outbound This Client Registers itself on Port 80/TCP with the Kazaa Network This Client Sends a List of Shared Files to the Network This Client Searches for a File which the other client has available The Network Responds with a Client ID to connect to for the file The Client Initiates a Connection to the Hosting Client and is Blocked This client PUSHES the File to the other Client Firewall X This Client Tells the Network that the Host is Blocked As part of the KeepAlive, The Network Sends a Msg to the Client X Tries to get out on Ports: 1214/TCP - BLOCKED 1215/TCP - BLOCKED 3536/TCP - BLOCKED MANY OTHERS/TCP – BLOCKED It will Try Hundreds of Ports Including: 80,53,1024,etc etc etc

The Future Kazaa Version 2 –Has Basic Block and Firewall Evasion –There are only a few options available for blocking Kazaa v2 None of which are easy to implement Most Cost Money –Kazaa v3 is expected to make it even harder to block P2P traffic –Kazaa is Expected to take up more bandwidth than Web Traffic in the coming years