
RE: [K12OSN] Instant Messenger

No, this isn't anything like snort, though snort is helpful in determining what to block.  Policy-based routing is actually a way of the router looking at the IP traffic itself and doing stuff to/with it before you let it head on to its destination.  This is a step that happens before the K12LTSP server--or anything else on the LAN--ever sees the traffic.

As for an example, yes, I could...on a router, specifically, a Cisco, because that's how we do it (we use Ciscos for lots of esoteric--er, "creative" things).  I don't know how to do it on another router type, though, and I'd be lost on how to do it on a GNU/Linux router, until I can take some time to research it.  Should be conceptually the same, though, if policy routing's supported, but I just haven't done it on GNU.

Mind you, though, you'd better have a decent understanding of what policy-based routing is before you even think of applying it.  You could easily DoS yourself.

If, after all these warnings, you are still interested, and I hope you are because it's very useful, let me know, and I'll be glad to help you offline.  For now, check out this bit of short (really!) reading:


This describes Code Red, but you'd simply add the strings "login.oscar.aol.com" and "*messaging.aol.com" to the list of things to look for, and you've killed it.


On Wed, 2003-10-01 at 09:20, Caleb Wagnon wrote:
Terrell Prude', Jr. said:
> What you want is policy-based routing.  That's how we deal with it.
> Ever since IM clients started using TCP 80, etc., it became a bear for
> us to stop w/o DoS'ing the whole school district.  Policy-based routing
> works no matter what TCP or UDP port you're on.  The router is able to
> actually examine the protocol running across the wire and put a stop to
> whatever traffic you don't want flowing.  We also did this with Code
> Red, Nimda, etc.  This ability was invented precisely because of what
> you're running into below.

Terrell, can you give me an example of a setup? Are you referring to using
a packet sniffer of the sort such as snort? We're using snort here and it
takes care of security things such as intrusion detection....and even
prevention. But I haven't tweaked it enough to catch all the chat clients.

Caleb Wagnon MCP A+ CCNA
Technology Coordinator
Fordyce School District
Fordyce, AR 71742


Do you Slack!?
Slackware GNU/Linux - Free, easy-to-trust web site server software
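
Added example (not part of the original message, and not the router configuration it refers to): a small Python model of the content-based decision described above, where traffic is classified by the host it asks for rather than by its TCP port. The two blocked strings are the ones quoted in the message; the function names, the sample hosts www.example.org and aimhttp.messaging.aol.com, and the assumption that the client speaks HTTP are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Host strings quoted in the message above.
BLOCKED_HOSTS = ["login.oscar.aol.com", "*messaging.aol.com"]

def requested_host(payload: bytes):
    """Return the lower-cased host an HTTP request names, or None if not HTTP."""
    try:
        head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return None
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    method, target = parts[0], parts[1]
    host = ""
    if method == "CONNECT":                      # proxy tunnel: CONNECT host:port
        host = target
    elif "://" in target:                        # proxy form: GET http://host/path
        host = target.split("://", 1)[1].split("/", 1)[0]
    else:                                        # origin form: use the Host header
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "host":
                host = value.strip()
                break
    host = host.split(":")[0].lower()            # drop any :port suffix
    return host or None

def decide(dst_port: int, payload: bytes) -> str:
    """Classify on content only; dst_port is accepted but deliberately ignored."""
    host = requested_host(payload)
    if host and any(fnmatchcase(host, pat) for pat in BLOCKED_HOSTS):
        return "drop"
    return "forward"

# Constructed sample traffic: (destination port, first bytes of the TCP payload).
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    (80, b"CONNECT login.oscar.aol.com:5190 HTTP/1.1\r\n\r\n"),
    (8080, b"POST /data HTTP/1.1\r\nHost: aimhttp.messaging.aol.com\r\n\r\n"),
    (443, b"\x16\x03\x01\x00\x2e"),              # not HTTP: nothing to match
]

if __name__ == "__main__":
    for port, payload in SAMPLES:
        print(port, requested_host(payload), decide(port, payload))
```

The ordinary web request on port 80 is forwarded while the two chat-related requests are dropped on ports 80 and 8080 alike, which is the property a port-based filter cannot give.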
