The way I block Kazaa (and the other file sharing applications) is a
blanket ban on all ports by default. I then open the ports as I think is
appropriate at the firewall. These only include the port 23 for anyone
wishing to use telnet. All web and ftp style ports on 80, 21 and the like
are handled by a web-proxy to prevent using them for other purposes. All
incoming connects (and lots of ICMP messages) are dropped by the firewall also.
