-
September 18th, 2003, 11:33 PM
#11
Member
Bad newx, Tiger...
There just aint no way to do it without setting up a major proxy service, and my poor 300mhz gateway just don't got the juice to manhandle it (without causing a serious bottleneck problem)...
At any rate, If you're interested in knowing, you CAN use a proxy service that will scan the contents of each passing packet, and drop the kazaa junk... But like I said, it's weighs heavy on the heart... (and it's a real arse to set up, too... )
From where I'm sitting, it's just not worth the trouble... I'll just start kicking butt...
Thankx for the helpz
Rev
Many will ask, \"Where do you want to go today?\" because they\'re still scratching for ideas.
With *NIX, there\'s already a way. The sum of us just need roadmaps to get there.
-
September 19th, 2003, 12:01 AM
#12
We take about three different tacks on this. KaZaa, Morpheus and other P2P systems must execute, so we can grab a signature from the executable and add it to our Key server (license keys) and award that signature a grand total of zero, zip, nadda licenses. Renaming the executable doesn't defeat this. Of course, you have to have all the signatures for all the different versions.
We also add the executable name (and/or the installer package name) to the "do not run" list in AD. That has limited effectiveness.
Otherwise, we monitor bandwidth at the router. The P2Ps have a "signature" that we can identify quickly. Kinda like the spikes for SETI@Home. P2P's start taking a percentage of the available pipe, and hold it at that level. Sniff the packets and find the offender. Nail the turkey to the wall and watch 'im or 'er squirm.
Oh, yeah, make sure you have a copy of the corporate AUP (acceptable use policy) that indicates those activities which result in termination. :-)
-
September 19th, 2003, 12:45 AM
#13
Junior Member
-
September 19th, 2003, 01:18 AM
#14
This may be overly simplistic, but how about a little app that detects when Kazaa starts up, then immediately shuts down the system, or beeps incessantly, or just blacks out the screen until a combination of keys is pressed....
-
September 19th, 2003, 02:17 AM
#15
On the cheap you can get the pstool kit from systernals
bastard.bat
---------------------------
echo. >stations.txt
echo. >running.txt
echo. >results.txt
net view >>stations.txt
for /F "tokens=1" %%X in (stations.txt) do pslist -t %%X >>running.txt
find /I /C "kazaa" running.txt >>results.txt
notepad results.txt
---------------------------
if you get a number in results.txt open running.txt and do a find for kazaa to see who it is
or you could use fscan (foundstone) instead of pslist if its not an nt network
fscan -bp 80,1214 10.0.0.1-10.0.1.200 >>running.txt
what i like to is open a terminal using psexec \\station -s cmd and rename all the dlls in the kazaa folder D one one, net send 127.0.0.1 file sharing is against company policy, then pskill \\station kazaa although id like to say ive been lucky because ive only come accross one instance of bear share, but i get a charge out of doing this with IMs which i get allot of
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
September 19th, 2003, 03:54 AM
#16
Member
-
September 19th, 2003, 04:09 AM
#17
agreed this is no where near as good as what your talking about but i would like to point out that if your running an nt network your already wide open for these kind of tools. they use WMI and are not backdoors but run from your computer. there's nothing needed on the workstation side but nt. and as far as finding ways around it...they dont even know whats happening... i want them to know they're being watched
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
September 19th, 2003, 04:27 AM
#18
Junior Member
Rev: There's another way to do it using iptables string matching. I've just started messing with it. Similar stuff (above layer 3) has been discussed ealier in this thread.
Seabass
-
September 19th, 2003, 04:33 AM
#19
-
September 19th, 2003, 04:43 AM
#20
im sorry if i sounded disagreeable wasn't meant that way. i just didn't want you to think i was suggesting trojaning your workstations :] mr bill has already done a fine job of that!
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|