RE: [K12OSN] Instant Messenger

I'm not sure if policy routing is available for Linux-based firewalls at
the moment (at least policy routing that is able to inspect the
application layer of a packet), but with some application proxies (like
Squid) you can limit traffic based on criteria obtained from the
application-layer of the network stack. The trick is you have to force
your traffic to go through the proxy to get any benefit from
it. Using transparent proxying with Squid and some firewall rules to
redirect all HTTP traffic to your proxy server would effectively do this
for you.

I've never actually blocked IM traffic with Squid, but we have used it in
the past to limit access to questionable web sites that contained certain
words. This worked well in that it didn't block access to the entire site,
just the pages that contained words on our "banned" list. We've also used
it to limit file size downloading over thin pipes. I believe you would be
able to block IM traffic in this fashion, or at least block IM users who
are trying to tunnel IM traffic through HTTP.

Michael Proto

On Wed, 1 Oct 2003, Caleb Wagnon wrote:

> Terrell Prude', Jr. said:
> > What you want is policy-based routing.  That's how we deal with it.
> > Ever since IM clients started using TCP 80, etc., it became a bear for
> > us to stop w/o DoS'ing the whole school district.  Policy-based routing
> > works no matter what TCP or UDP port you're on.  The router is able to
> > actually examine the protocol running across the wire and put a stop to
> > whatever traffic you don't want flowing.  We also did this with Code
> > Red, Nimda, etc.  This ability was invented precisely because of what
> > you're running into below.
> Terrell, can you give me an example of a setup? Are you referring to using
> a packet sniffer of the sort such as snort? We're using snort here and it
> takes care of security things such as intrusion detection... and even
> prevention. But I haven't tweaked it enough to catch all the chat clients.
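The transparent-Squid setup Michael Proto describes above, as an added example that is not part of this thread or of Squid's own documentation: a squid.conf fragment in Squid 3.1-or-later syntax, with the matching firewall redirect in a comment. The inside interface eth1, the 10.0.0.0/8 LAN range, the banned-word file path and the IM User-Agent pattern are assumptions to replace with your own.

```conf
# Firewall rule that forces LAN port-80 traffic into Squid (assumed inside
# interface eth1; Squid listens on 3128). Run on the box doing the routing:
#   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

# Accept intercepted (transparent) HTTP on 3128; Squid 3.1+ keyword.
http_port 3128 intercept

# Who sits behind the proxy (assumed LAN range).
acl lan src 10.0.0.0/8

# Port hygiene: only allow CONNECT tunnels to 443, so a client that reaches
# the proxy explicitly cannot tunnel to an arbitrary port through it.
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Banned-word list: one case-insensitive regex per line, matched against the
# requested URL (assumed file path). Blocks individual pages, not whole sites.
acl banned_words url_regex -i "/etc/squid/banned-words.txt"
http_access deny lan banned_words

# IM tunnelled over HTTP: match on the client's User-Agent header. The pattern
# is a placeholder; take the real string from access.log entries for the
# clients you actually see on your network.
acl im_clients browser -i ^ExampleIMClient
http_access deny lan im_clients

# Cap downloads over the thin pipe: replies above 10 MB are cut off for LAN users.
reply_body_max_size 10 MB lan

http_access allow lan
http_access deny all

# Keep the log: denied requests appear as TCP_DENIED, which is how you check
# the filter catches what you expect and spot what it misses.
access_log /var/log/squid/access.log squid
```

Squid 2.5, current when this thread was written, had no `intercept` keyword and used the httpd_accel_host/httpd_accel_port/httpd_accel_with_proxy/httpd_accel_uses_host_header directives for transparent mode instead; the ACL lines are the same.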

