We're filtering on two things:


It's a bit of a "backdoor" way to do it.  Remember that the AOL clients need to look up DNS, specifically, login.oscar.aol.com.  We also do *messaging.aol.com just to be sure.  Well, if they can't find their server, they can't log in, no matter what TCP or UDP port they will eventually try to communicate on, be it port 80, 21, 20994, whatever.  The conversation won't even be able to begin!  MUAHAHAHAHA!!!!!!!!

The way that I knew that it worked was by hearing about all sorts of irate teachers complaining to the principals and beyond (this went to the Director level in one case) about how they "need" AIM to teach their students.  "HOW DARE THOSE NETWORK PEOPLE TAKE OUR AIM AWAY!!  THEY HAVE *NO* IDEA WHAT NEEDS TO GO ON IN A REAL-WORLD CLASSROOM!!!"  Kids didn't dare complain openly--they knew better.  Yes, we have a written policy that says no instant messaging.

Anyway, that's how we did it.
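The DNS-name rule from the message above, written out as an added example (not code from the list or the poster's router config): a small policy matcher that treats the exact hostname and the `*messaging.aol.com` wildcard as block rules and runs them over constructed BIND-style query-log lines (the log format and client addresses are assumptions).

```python
import fnmatch
import re

# Name-based block rules from the message: one exact hostname and one wildcard.
# '*' is treated as a glob that may span label boundaries (so it also catches
# names like toc.messaging.aol.com).
BLOCK_RULES = ["login.oscar.aol.com", "*messaging.aol.com"]


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot so 'Login.Oscar.AOL.com.' still matches."""
    return qname.strip().rstrip(".").lower()


def is_blocked(qname: str, rules=BLOCK_RULES) -> bool:
    """True if the queried name matches any rule (exact name or glob)."""
    name = normalize(qname)
    return any(fnmatch.fnmatchcase(name, normalize(r)) for r in rules)


# Constructed sample query-log lines in BIND style (hypothetical, not from the thread).
SAMPLE_LOG = """\
01-Oct-2003 18:40:01.123 client 10.1.2.3#1034: query: login.oscar.AOL.com. IN A +
01-Oct-2003 18:40:02.456 client 10.1.2.4#1035: query: www.aol.com. IN A +
01-Oct-2003 18:40:03.789 client 10.1.2.5#1036: query: toc.messaging.aol.com. IN A +
01-Oct-2003 18:40:04.012 client 10.1.2.6#1037: query: example.edu. IN MX +
"""

QUERY_RE = re.compile(r"client (?P<client>\S+): query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def blocked_queries(log_text: str):
    """Return (client, normalized qname) for every logged query the policy would refuse.

    Because the client never learns the server's address, it does not matter
    which TCP/UDP port it would have tried afterwards.
    """
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_blocked(m.group("qname")):
            hits.append((m.group("client"), normalize(m.group("qname"))))
    return hits


if __name__ == "__main__":
    for client, qname in blocked_queries(SAMPLE_LOG):
        print(f"refuse {qname} for {client}")
```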


On Wed, 2003-10-01 at 18:38, Steve Wright wrote:
On Thu, 2003-10-02 at 10:34, Terrell Prude', Jr. wrote:
No, this isn't anything like snort, though snort is helpful in determining what to block.  Policy-based routing is actually a way of the router looking at the IP traffic itself and doing stuff to/with it before you let it head on to its destination.  This is a step that happens before the K12LTSP server--or anything else on the LAN--ever sees the traffic.

As for an example, yes, I could...on a router, specifically, a cisco, because that's how we do it (we use ciscos for lots of esoteric--er, "creative" things).  I don't know how to do it on another router type, though, and I'd be lost on how to do it on a GNU/Linux router, until I can take some time to research it.  Should be conceptually the same, though, if policy routing's supported, but I just haven't done it on GNU.


Can you tell me exactly what you are filtering on?   What /precisely/ in the IM packets can you reliably detect that indicates any of the IM protocols?

I will have a go at producing a Linux TC filter that will drop all IM.  Don't hold your breath though.  It will be much quicker to just disable gaim et al on your LAN.


