-
Nebulus: No point in using the IDS to drop both sides of the connection, (Yes Snort will do this if the rule is written to do it and there is also a test facility that allows a message to be sent to the two machines I believe - I gotta look into that in a minute..... ;) ), since the client will assume it is dropped at the firewall and allow the alternative connection to take place.
I'm gonna take a look at the message thingy, test it and see what it does. Then I might add the message part to a rule for these chat proggies that will be received by the offending user telling them to quit or die...... :D . I'll see if it works and get back to you all.
Pooh..... :(
I use a custom version of snort that does not include flexresp therefore it doesn't recognize the react keyword and fails out on the rule....... Also, this used to send a message to the browser rather than a windows messaging message, (which would be real nice), so it is designed to limit web access more than anything else - shame really... I coulda had a lot of fun with my (L)users...... :D
-
I simply restrict access to the hosts file, and then add the server's URL to it.
127.0.0.1 www.aol.com <----- repeat for ALL the aol chat servers.
Quick Buddy is another one to block too since it's Java-based.
*shrug* it's work, but if you're seriously wanting it gone, it works for me.
The kiddies can't access C:\ so they can't get the hosts file...
It's not the best way in an open machine, but it's how I stopped it.
-
I am in the fortunate position of having extremely unsophisticated users and a firewall that is blocking their attempts. I was just going to add a snotty message for my own amusement and edification..... :)
As to blocking access to C:...... Wouldn't work in my environment..... Good suggestion for others tho....