How Kazaa Works

The inner workings of Kazaa and other Peer-2-Peer technologies

By Troy Jessup

Terms of Use

• Use of this presentation is granted to education and non-profit entities for education in security topics as described herein. The following limitations and restrictions apply:– The content of this presentation remain unchanged from its

original published format, except for updates to the content for accuracy or current tactics/trends

– Any changes made to the presentation are understood to not be the original work of the author, and noted in the presentation as such.

– Credit to the author is retained as-is in the original presentation format.

– Use by “for profit” or “commercial” entities must be granted permission by the author, and are subject to further restrictions.

About the Author

• Troy Jessup (CISSP)

– Sr. Security Analyst for the Utah Education Network

– Security Professional for 6 years– Author of Security related articles and

information available free to the public at the URL listed below.

– Updates to this and other presentations are available via the website: http://www.ndnn.org/blog

The History

• Kazaa Version 1– Basic Design in Peer to Peer (P2P)– Followed in the footsteps of Napster– Static use of Port 1214/TCP for access

The Present

• Kazaa Version 2– Basic Design in Peer to Peer (P2P)– Follows in the footsteps of Gnutella and

Napster– Dynamic use of Port nearly ANY port for

access– Block and Firewall Evasion Built in.

How Kazaa v2 Works

Kazaa Client on your Network

The Kazaa Network

Kazaa Client on a Remote Network

Normal File Sharing Concept for Kazaa Version 2

File List

This Client Registers itself on Port 1214/TCP

with the Kazaa Network

This Client Sends a List of Shared Files

to the Network

This Client Searches for a File

which the other client has availableThe Network

Responds with a Client ID to connect

to for the file

The Client Initiates a Connection to the

Hosting Client

This client Responds to the

request and sends back the file

File List

How Kazaa v2 Works – Blocked From the Outside

Kazaa Client on your Network

The Kazaa Network

Kazaa Client on a Remote Network

What Happens if we Try to Block Port 1214/TCP

This Client Registers itself on Port 1214/TCP with the Kazaa Network

This Client Sends a List of Shared Files to

the Network

This Client Searches for a File

which the other client has available

The Network Responds with a

Client ID to connect to for the file

The Client Initiates a Connection to the

Hosting Client and is Blocked

This client PUSHES the File to the other

Client

Firew

all

X

This Client Tells the Network that

the Host is Blocked

As part of the KeepAlive, The

Network Sends a Msg to the Client

File List

How Kazaa v2 Works – Blocked From the Inside and Outside

Kazaa Client on your Network

The Kazaa Network

Kazaa Client on a Remote Network

What Happens if we Try to Block Port 1214/TCP Outbound

This Client Registers itself on Port 80/TCP with

the Kazaa Network

This Client Sends a List of Shared Files to

the Network

This Client Searches for a File

which the other client has available

The Network Responds with a

Client ID to connect to for the file

The Client Initiates a Connection to the

Hosting Client and is Blocked

This client PUSHES the File to the other

Client

Firew

all

X

This Client Tells the Network that

the Host is Blocked

As part of the KeepAlive, The

Network Sends a Msg to the Client

X

Tries to get out on Ports:1214/TCP - BLOCKED

1215/TCP - BLOCKED3536/TCP - BLOCKED

MANY OTHERS/TCP – BLOCKED

It will Try Hundreds of Ports Including: 80,53,1024,etc etc etc

The Future

• Kazaa Version 2– Has Basic Block and Firewall Evasion– There are only a few options available for

blocking Kazaa v2• None of which are easy to implement• Most Cost Money

– Kazaa v3 is expected to make it even harder to block P2P traffic

– Kazaa is Expected to take up more bandwidth than Web Traffic in the coming years