-
September 16th, 2003, 05:52 AM
#11
Senior Member
I'll check tomorrow and follow up after I talk with the admin that disabled SOCKS.
Had to check so I could get some sleep:
At the moment, we are using ISA to block SOCKS. Sorry that I said that it was a script. Bad information, you caught me, busted .....
But, what we had in place was a script that pointed people to the firewall before we implemented ISA. The part that blocked SOCKS went something like this:
# SOCKS: establishing a connection
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -y \
-s $IPADDR \
-d $ANYWHERE $SOCKS_PORT -j REJECT
# SOCKS incoming connection
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -y \
-d $IPADDR $SOCKS_PORT -j DENY
I hope this gives you an idea. If not, let me know and I'll put more of the rule here.......
Once again, Sorry that I said it was a Logon Script.
However, there is an app out there called socksdis.exe that will disable SOCKS, or you can do it manually by renaming the SOCKS.CNF file, but I don't know what this will cause..........
Man, Now I feel like I'm really not helping much at all..........
There are many rewarding opportunities awaiting composure from like minds and great ideas. It is my objective to interconnect great things.
-
September 16th, 2003, 05:53 PM
#12
Junior Member
"anything going to login.oscar.aol.com"
I used the same method with ISA and it worked well, I originally blocked the default port but the program outsmarted me and swerved to a different port.
Same thing also worked in blocking access to GoToMyPC, I just found out what IP it authenticates through via their FAQs and blocked it as well. Something very disturbing about a program that can be installed and give remote access to anyone that has the password.......even worse is it uses port 80 and is built to go through the firewall (supposedly for zero config ease, I see it as a security breach/hole that needs to be closed).
-
September 16th, 2003, 06:08 PM
#13
Junior Member
Well guys ... my problem still remains unresolved. I think I'll change the router and go for some better one so that I can learn more about networking.
Thanks
All the info gathered and distributed is solely for informational purposes.
-
September 19th, 2003, 02:10 PM
#14
Junior Member
Sorry it took so long to reply....I'm headin' to northern Wisconsin this weekend and taking my laptop so if I have free time I'll see if I can cook up a tutorial on what I did.
Cheers.
-
September 19th, 2003, 06:28 PM
#15
Member
With regard to installing apps, don't forget that at least Yahoo has a java based chat client that you can run from the web. You just click the link and it runs the java applet for chat. You SHOULD be able to block access from the java client easily though, as I think it has to run on a particular port and can't be modified (to my knowledge anyway) to work on port 80 or whatnot.
-
September 19th, 2003, 08:01 PM
#16
Member
1) What is SOCKS and why do we not need it, and why does it block MSN?
2) What is ISA, for that matter?
3) What if one had a proxy server, and the firewall blocks all traffic not coming from the proxy server? Would this block programs that use port 80 to try to pass the firewall?
I guess it depends on whether the proxy server is able to detect non-HTTP traffic.
One nasty program is the one talked about in this forum, where a client contacts a third party server through port 80, right through the firewall. And the third party server relays IM & other services.
-
September 19th, 2003, 08:11 PM
#17
Senior Member
When an application client needs to connect to an application server, the client connects to a SOCKS proxy server. The proxy server connects to the application server on behalf of the client, and relays data between the client and the application server. For the application server, the proxy server is the client.
source:
http://www.socks.permeo.com/AboutSOC...KSOverview.asp
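Added example (not part of any post in this thread): one way a filtering proxy could tell SOCKS and other non-HTTP traffic from real HTTP on port 80, by looking at the first bytes the client sends. The SOCKS4 and SOCKS5 (RFC 1928) opening messages are matched structurally; the function names, sample addresses and payloads are constructed for illustration.

```python
import re
import struct

# Request line of an HTTP/1.x client: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r\n")

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends on a new TCP connection."""
    if not data:
        return "empty"
    # SOCKS5 greeting: VER=5, NMETHODS, then exactly NMETHODS method bytes.
    if data[0] == 0x05 and len(data) >= 2:
        nmethods = data[1]
        if nmethods >= 1 and len(data) == 2 + nmethods:
            return "socks5"
    # SOCKS4 request: VER=4, CD=1 (CONNECT) or 2 (BIND), DSTPORT, DSTIP,
    # then a NUL-terminated user id.
    if data[0] == 0x04 and len(data) >= 9 and data[1] in (1, 2):
        (port,) = struct.unpack("!H", data[2:4])
        if port != 0 and b"\x00" in data[8:]:
            return "socks4"
    if HTTP_REQUEST_LINE.match(data):
        # CONNECT asks an HTTP proxy for a raw tunnel, so report it separately.
        return "http-connect" if data.startswith(b"CONNECT ") else "http"
    return "non-http"

# Constructed sample connections: (source address, destination port, first payload)
SAMPLES = [
    ("10.0.0.11", 80, b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.12", 80, b"\x05\x01\x00"),                              # SOCKS5 greeting
    ("10.0.0.13", 80, b"\x04\x01\x00\x50\xc0\x00\x02\x01user\x00"),  # SOCKS4 CONNECT
    ("10.0.0.14", 80, b"CONNECT im.example.test:5190 HTTP/1.1\r\n\r\n"),
    ("10.0.0.15", 80, b"*\x01\x00\x01\x00\x04\x00\x00\x00\x01"),     # opaque binary
]

def flag_port80(samples):
    """Return (source, label) for port-80 connections that are not plain HTTP."""
    flagged = []
    for src, dport, payload in samples:
        label = classify_first_bytes(payload)
        if dport == 80 and label != "http":
            flagged.append((src, label))
    return flagged

if __name__ == "__main__":
    for src, label in flag_port80(SAMPLES):
        print(f"{src}: {label}")
```

A check like this only catches traffic that is not HTTP at all; a client that wraps its messages in well-formed HTTP requests to a relay server still has to be handled by destination, as in the login-server blocking described earlier in the thread.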
-
September 19th, 2003, 08:40 PM
#18
Member
I had the same problem but with the addition of Kazaa...
I posted a FAQ on Tek-Tips.com on how to block them from a server but not through the router. I am pasting it here in case it helps:
If you have been searching for a cheap effective means of blocking this type of software then here is your answer. I blocked Yahoo, Kazaa and all those other programs that port roam (such applications can change the port so the blocking of a specific static port(s) is of no use).
This will also work on programs like Wingate for which there is no port to block because it routes traffic.
1) Go to www.sysinternals.com, get and install pstools on a server or machine that will be scanning as stated below (doesn't have to be a server).
2) Create a batch script similar to:
@ECHO OFF
:loop
REM All of the following is one line do NOT hit enter
REM The ^ escapes the | so the pipe runs inside the FOR command.
for /F %%a in ('net view ^| find "\\" ') do pslist %%a | find "ypager" /I && pskill %%a ypager >> d:\shutdownlog.txt && psloggedon %%a >> d:\shutdownlog.txt && shutdown -r -t 60 -m "This computer has found that you are using Yahoo Instant Messenger. You have been reported and the computer will be rebooted. Your account will be suspended." -f %%a
REM You can hit enter now
goto loop
3) For each program you're going to block you need to add:
for /F %%a in ('net view ^| find "\\" ') do pslist %%a | find "process name" /I && pskill %%a process name >> d:\shutdownlog.txt && psloggedon %%a >> d:\shutdownlog.txt && shutdown -r -t 60 -m "Message you want offender to see." -f %%a
So if I was going to block Yahoo AND Kazaa then my script would look like:
@ECHO OFF
:loop
for /F %%a in ('net view ^| find "\\" ') do pslist %%a | find "ypager" /I && pskill %%a ypager >> d:\shutdownlog.txt && psloggedon %%a >> d:\shutdownlog.txt && shutdown -r -t 60 -m "This computer has found that you are using Yahoo Instant Messenger. You have been reported and the computer will be rebooted. Your account will be suspended." -f %%a
for /F %%a in ('net view ^| find "\\" ') do pslist %%a | find "kazaa" /I && pskill %%a kazaa >> d:\shutdownlog.txt && psloggedon %%a >> d:\shutdownlog.txt && shutdown -r -t 60 -m "This computer has found that you are using Kazaa. You have been reported and the computer will be rebooted. Your account will be suspended." -f %%a
goto loop
4) Run the batch script and have fun.
Now what this script does is it basically will do a net view and get the computer names. Then it does a pslist (downloaded from sysinternals) and looks for the ypager process (Yahoo Instant Messenger). If it finds it then it kills the process and writes to the shutdownlog file. You can end it there if you want but I go a step further because I want to know who did it. So a psloggedon will be done on that computer and written to the log so I know the user's login name and the TIME (I do this to dispute or support their excuses, for example if they were not there at the TIME of the offense). You can end it there also but I work in a school and I am serious about installing this junk so I run psshutdown (I renamed the file to shutdown) on the machine with the message and a 60 second time delay which lets them know they have been busted and shuts down the machine.
Now you run the batch file and every now and then look at the shutdown log to see who you have snared. Now you have all the information you need and if you want you can go to the specific computer and pull up the ownership of the illegal software and print the screen. Take all that to their boss.
I work in a college environment with about 800 students and their accounts get disabled when they install software like this.
Now where did I put my CD for Quake
Please note that this has only been tested on server operating systems running windows. This includes Windows XP, NT 4 w/sp6 and Windows 2000 Advanced Server. This is meant for networks not single machines. The server scans all the workstations on the network.
Have fun!!!
Bill
-
September 29th, 2003, 09:01 AM
#19
Junior Member
To block all other traffic and only allow HTTP or FTP traffic, you should only allow TCP port 80 (for web), TCP port 23 (FTP), and UDP port 53 (DNS, to resolve the URLs). All other traffic/ports should be blocked.
You should only set this on your inside interface.
As long as your PC is connected to the router/firewall to access the internet, and you have all this access-list set on your router/firewall, you have efficiently blocked Yahoo messenger, AOL.
-
September 29th, 2003, 12:47 PM
#20
Junior Member
But that's a very large restriction on genuine ports....