Stopping the Chat

  1. #1
    Registered User drewmaztech's Avatar
    Join Date
    Jul 2002
    Location
    Holyoke, Ma. USA
    Posts
    946

    Stopping the Chat

    Here's the layout: Small business network. Windows 98 workstations. Linksys router and DSL internet connection.
    They don't authenticate to any server.

    How do I stop them from installing assorted IM programs? Or at least stop the programs from working?
    I think I have to contend mostly with AIM, MS, and Yahoo.

    I didn't see anything in the router where I could block this traffic. I'm not even sure on what ports those operate.

    (I have made fake hosts files to keep them off certain web pages. Is there something similar for IM clients?)



    Thanks for the help!
    Vote DrewmazTech for President!

    "tis better to remain silent and be thought of as a fool then open your mouth and remove all doubt" Mark Twain

  2. #2
    Driver Terrier NooNoo's Avatar
    Join Date
    Dec 2000
    Location
    UK
    Posts
    31,824
    Interesting read here - not terribly helpful, but fleshes out what you are up against.
    Never, ever approach a computer saying or even thinking "I will just do this quickly."

  3. #3
    Registered User jitBob's Avatar
    Join Date
    Aug 2001
    Location
    Woodinville, WA
    Posts
    4,244
    Sounds like a small number of users on a *****peer network. Has management formulated a clear computer usage policy? Hopefully one with explicit hardware and software usage rules and spelled out consequences. You should have a policy in place and have everyone sign a copy. In my experience this should slow them down for at least a week. Best luck.
    The Moral Majority is neither.

    Master Sargent - WOTPP

  4. #4
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Here is what I would do. It's a bit of a runaround, but would work well.

    I'm assuming you want to control surfing and block just about everything else.

    A simple solution is to set up a web proxy server. Set this computer up with EXCLUSIVE internet access, but do NOT set up NAT. What this means is that the computer or system will be acting to proxy webpages only; with NAT turned off, no other traffic can pass, so the computers that are configured to it for a proxy would be allowed through. You will then be able to control what websites get visited.

    The only downside I would see to this setup is that it would also block e-mail, unless it was web based.

    Another alternative is to set up a standalone server running something like Microsoft's Internet Security and Acceleration Server, and use the policies within it to control internet access. Of course, setting that up would require more software, and with a 2k server, enabling AD and setting up a domain would be a consideration also...
    <Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
    -----------------------
    Windows 7 Pro x64
    Asus P5QL Deluxe
    Intel Q6600
    nVidia 8800 GTS 320
    6 gigs of Ram
    2x60 gig OCZ Vertex SSD (raid 0)
    WD Black 750 gig
    Antec Tri power 750 Watt PSU
    Lots of fans

  5. #5
    Registered User drewmaztech's Avatar
    Join Date
    Jul 2002
    Location
    Holyoke, Ma. USA
    Posts
    946
    It is a semi-small operation, but just telling them to stop and sign a paper isn't going to do jack%$#@. They'll slow down for a week or two, maybe...

    I'm trying to finagle something with what they have now, or something cheap. No way would they spring for a 2k server just to block that. I can see it would be the best way, but what they have now works great for them.
    Vote DrewmazTech for President!

    "tis better to remain silent and be thought of as a fool then open your mouth and remove all doubt" Mark Twain

  6. #6
    Registered User CeeBee's Avatar
    Join Date
    Nov 2002
    Location
    USA
    Posts
    2,494
    Originally posted by drewmaztech
    It is a semi-small operation, but just telling them to stop and sign a paper isn't going to do jack%$#@. They'll slow down for a week or two, maybe...

    I'm trying to finagle something with what they have now, or something cheap. No way would they spring for a 2k server just to block that. I can see it would be the best way, but what they have now works great for them.
    You don't need a 2k server. Even a 233MHz Pentium with 64M of RAM on WinNT (for stability) or even Win95/98 without client for MS networks (for security) will work fine. All you need is a free proxy (and there are some available) and you're ready to go...
    Protected by Glock. Don't mess with me!

  7. #7
    Geezer confus-ed's Avatar
    Join Date
    Jul 1999
    Location
    In front of my PC....
    Posts
    13,087
    Can you not 'do it the other way around' .... use your firewall to restrict where they can visit?

  8. #8
    Senior Member - 1000+ Club Outcoded's Avatar
    Join Date
    Apr 2001
    Location
    Somewhere in the UK, never quite sure where
    Posts
    1,689
    poledit?
    I'm in charge and I say we blow it up

  9. #9
    Registered User SpongeBob's Avatar
    Join Date
    Oct 2002
    Location
    Florida
    Posts
    132
    On the Linksys router, block all the default IM ports. It has port filtering. This will prevent traffic on those ports from working.

    The downside: if they figure out how to use port 80 (which means they can't use more than one IM at a time, and can't surf the net while using one), then they will get around it.

    ---------------------------
    On the side note...


    After working for large IT and small IT departments for large (2000+ users) and small - mid size (15-300 users) businesses, there is ONLY ONE WAY TO STOP IT COMPLETELY.....

    The manager/owner needs to lay down the law and empower you to enforce it, or to bring the offenders to him/her for enforcement.

    Take internet shopping for example...

    One of the places I worked for had problems with people on Ebay and other online stores shopping till they drop all day....

    NOTHING worked till we ended up having to let 2 people go.
    (both warned in writing many times and made to read and sign a new policy about internet abuse)

    Once they left and the example was set, to this day.... NO ONE abuses the internet.

    Set up the router's trap message logging and get a small program called "Kiwi Syslog". You can run this on a single computer as a service that just monitors the router and logs all incoming and outgoing traffic.

    example:


    Date/time -- From ip - in/out bound - on port# --- to IP -- on Port#


    In the full version ($20 bucks or so) you can even set up filters so it logs different messages to different files.

    All outbound traffic on port 80 to file: webtraffic.log
    All inbound traffic to file: security breach attempts

    Anything you can think of... VERY nice.

    I then import the .log file into Excel, for which I wrote a macro to parse it and turn on the "auto filter" feature in Excel, so I can "drill down" more and get what I want from the logs in seconds.

    The logs can also be setup to overwrite each day, or archive them hourly, daily, weekly, monthly, so on and so forth.
    You know you want a crabby patty!!
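
The log review described in post #9, sketched as an added example (not code from the thread): it parses lines in an assumed layout modelled on that post's "date/time, from IP, direction, port, to IP, port" outline and counts outbound connections to the commonly documented default ports for AIM (5190), MSN Messenger (1863) and Yahoo Messenger (5050). The exact field separators, the sample lines and the function names are assumptions; a real router's syslog format will differ and the regular expression must be adapted to it.

```python
import re
from collections import Counter

# Commonly documented default client ports for the three services named in the thread.
IM_PORTS = {5190: "AIM", 1863: "MSN Messenger", 5050: "Yahoo Messenger"}

# Assumed line layout, modelled on post #9's sketch:
# date/time -- from IP - direction - on port --- to IP -- on port
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) -- (?P<src>\d+(?:\.\d+){3}) - (?P<dir>in|out) - "
    r"(?P<sport>\d+) --- (?P<dst>\d+(?:\.\d+){3}) -- (?P<dport>\d+)$"
)

# Constructed sample lines (private and documentation addresses), not real router output.
SAMPLE_LOG = """\
2003-05-27 09:14:02 -- 192.168.1.101 - out - 1042 --- 198.51.100.10 -- 80
2003-05-27 09:14:09 -- 192.168.1.102 - out - 1077 --- 203.0.113.20 -- 5190
2003-05-27 09:15:31 -- 192.168.1.102 - out - 1078 --- 203.0.113.21 -- 1863
2003-05-27 09:16:00 -- 203.0.113.99 - in - 4431 --- 192.168.1.1 -- 139
2003-05-27 09:17:45 -- 192.168.1.104 - out - 1103 --- 203.0.113.30 -- 5050
router restarted
2003-05-27 09:18:12 -- 192.168.1.102 - out - 1080 --- 203.0.113.20 -- 5190
"""

def parse_line(line):
    """Return a dict of fields, or None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def im_report(log_text):
    """Count outbound connections to default IM ports per (workstation, service)."""
    hits, skipped = Counter(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # counted so malformed lines are not silently lost
        elif rec["dir"] == "out" and rec["dport"] in IM_PORTS:
            hits[(rec["src"], IM_PORTS[rec["dport"]])] += 1
    return hits, skipped

if __name__ == "__main__":
    hits, skipped = im_report(SAMPLE_LOG)
    for (src, service), n in sorted(hits.items()):
        print(f"{src}  {service:<16} {n} connection(s)")
    print(f"{skipped} unparsed line(s)")
```

A port-based report like this only sees clients on their default ports; a client that has been switched to port 80, the downside post #9 mentions, is counted as ordinary web traffic.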

  10. #10
    Tech-To-Tech Mod kato2274's Avatar
    Join Date
    Sep 2001
    Location
    Bentleyville, Pa
    Posts
    2,317
    Originally posted by confus-ed
    Can you not 'do it the other way around' .... use your firewall to restrict where they can visit?
    I'm not sure what you mean as all you can really do from a firewall is close and open ports . . . . so you can open all of port 80 (web browsing) or none of it etc. A proxy server will filter. . . a true firewall won't but there are some good free proxy servers out there . . . especially based on linux, nice combo proxy firewall, router etc. . . . but you may have stumbled onto something because if he can figure out what port IM traffic is going in and out of he can block traffic to that port at the firewall.

    same with streaming media.
    Nonsense prevails, modesty fails
    Grace and virtue turn into stupidity - E. Costello

  11. #11
    Registered User drewmaztech's Avatar
    Join Date
    Jul 2002
    Location
    Holyoke, Ma. USA
    Posts
    946
    I think blocking the IM port traffic at the router level would be my best bet, I think. Now all I have to do is figure out what ports those are!

    We're not dealing with highly sophisticated users, so I don't worry too much about their reconfiguring the IM clients for port 80.
    Vote DrewmazTech for President!

    "tis better to remain silent and be thought of as a fool then open your mouth and remove all doubt" Mark Twain

  12. #12
    Geezer confus-ed's Avatar
    Join Date
    Jul 1999
    Location
    In front of my PC....
    Posts
    13,087
    Errrrrr so your firewall only closes & opens ports, but not for a particular address ?

    I often set firewalls 'up' so they stop everything everywhere ... then add rules to allow stuff through but only to the IPs I (or some other 'admin') set, & only for the required ports .... Truly a pain to set up & maintain, but I get asked every single week to do it this way - block all, then allow known or required only.....

  13. #13
    Tech-To-Tech Mod kato2274's Avatar
    Join Date
    Sep 2001
    Location
    Bentleyville, Pa
    Posts
    2,317
    Originally posted by confus-ed
    Errrrrr so your firewall only closes & opens ports, but not for a particular address ?

    I often set firewalls 'up' so they stop everything everywhere ... then add rules to allow stuff through but only to the IPs I (or some other 'admin') set, & only for the required ports .... Truly a pain to set up & maintain, but I get asked every single week to do it this way - block all, then allow known or required only.....

    Enlighten me . . . . what firewalls are you using? I've been using Linux boxes, mostly smoothwall. I can open and close ports on the firewall side of it, but if I get into setting up rules I'm doing it through squid with ACLs, and squid is a transparent proxy server, not a firewall.
    Nonsense prevails, modesty fails
    Grace and virtue turn into stupidity - E. Costello

  14. #14
    Geezer confus-ed's Avatar
    Join Date
    Jul 1999
    Location
    In front of my PC....
    Posts
    13,087

    Kato perhaps I'm being my usual self.....

    I dunno if we are getting terminology mix-ed up ! Take a look at some of the 'personal firewalls' like kerio ... more than feasible ...

  15. #15
    Tech-To-Tech Mod kato2274's Avatar
    Join Date
    Sep 2001
    Location
    Bentleyville, Pa
    Posts
    2,317

    Re: Kato perhaps I'm being my usual self.....

    Originally posted by confus-ed
    I dunno if we are getting terminology mix-ed up ! Take a look at some of the 'personal firewalls' like kerio ... more than feasible ...
    No, we're just on opposite ends of the spectrum . . . . hardware vs software, that's all. . . . . I haven't played around with any of the software based stuff like kerio, norton or zone alarm . . . I usually put up a smoothwall box or another linux distro on a dedicated machine. . . .

    You can code all kinds of extra stuff into a software "firewall", but if you have a true hardware firewall / router then you'll be able to telnet into it or access it via web browser, and open and close ports. . . and that's about it.

    The smoothwall distro - which is great - was built to be an inexpensive alternative to cisco routers / firewalls, and you can open, close and map ports, but NOT restrict certain sites, or authenticate users etc. . . when you get into that arena you're dealing with a proxy . . . . probably transparent but a proxy nonetheless.
    Last edited by kato2274; May 28th, 2003 at 09:00 AM.
    Nonsense prevails, modesty fails
    Grace and virtue turn into stupidity - E. Costello
