Intro:
Kazaa is a peer-to-peer file sharing framework that allows individuals to share files across the internet.
This script is an attempt to allow you to determine, by name, which Kazaa user's are connected to you from which IP address, so that firewall rules can be added to block users who are not sharing any files or otherwise being annoying.
Motivation:
Given that at any time a very large number of inbound TCP connections may be made to your machine destined for the Kazaa application (let alone other network connectinos), it is hard to work out which Kazaa user is on which IP address. By examining the output from a simple 'netstat -an' call it is possible to determine the IP addresses of users connected to you inbound via Kazaa, namely those connections established on the local port 2541. Further the user's Kazaa/Fasttrack p2p filesharing username can then be determined by sending an HTTP GET request to the user's IP address on port 1214.
Unfortunately it is not always possible to determine the user's information by sending a direct HTTP request to their IP address on port 1214, and as such the script isn't always able to return the info. I believe this is since Kazaa version 2.0 was released.
My attempts to find out more about the Kazaa 'protocol' have been fruitless (Kazaa isn't actually a 'protocol' as such, more a batardized adaptation of the 'FastTrack' p2p filesharing protocol) - and if anyone can contribute any links to decent info that would be cool.
References:
www.kazaa.com
- Kazaa homepage
Kazaa Denial of Service posted on Bugtraq
- This mail sent to bugtraq details ascertaining info about a kazaa user via telnet and how it's possible to swamp a kazaa user with large messages.
Kerio Personal Firewall
- The firewall of choice for win2k since the ubiquitous 'AtGuard' fails to work on win2k! I'll review it eventually...
The code:
The code is pretty minimal and was written very quickly - if anyone can add anything to it go for it!:
# no shebang line here!!! This is meant to be run in windows! :)
# see the ActiveState docs for more info
# Obviously you have to be running Kazaa on windows and have user's
# currently downloading from you for this script to work!!!
use IO::Socket;
# if nothing happens, no info is returned, uncomment this line to
# see your own share info:
#getUser("localhost");exit;
# grab the output from a netstat call into an array:
@netstat=`netstat -an`;
# check each line from the netstat output looking for inbound
# established connections on port 2541:
foreach $line (@netstat) {
if($line=~/2541\s+(.*?):.*ESTABLISHED/){
# find out user info for this connection:
&getUser($1);
}
}
# subroutine establishes TCP connection to $user IP address on port 1214
# and issues a GET / request:
sub getUser{
$user=shift;
print "IP Address: $user\n";
# Establish a TCP socket:
$sock=IO::Socket::INET->new(
Proto =>"tcp",
PeerAddr =>$user,
PeerPort =>"1214",
);
# if we can't connect, issue error - this happens a lot in kazaa version 2 unfortunately.
# please fix me! :)
(print ("cant connect to user $user: $!\n#######################\n") && return) unless $sock;
# if we got here then a socket was established, send a GET request:
print $sock "GET / HTTP/1.1\n\n";
# retrieve the data returned:
while(<$sock>){
# NOTE!!!!
# without this if clause the entire list of files being shared by the user
# will be displayed (pre kazaa 2.0 anyway).
# If you're interested, comment this bit out, and then run the script on yourself
# by commenting out the #getUser("localhost");exit; line above ^^^
if(/Content-Type:/) {
last;
}
# print out our info:
print;
}
print "#######################\n";
}