[K12OSN] OT: Limit Network Access by time

Jim Kronebusch jim at winonacotter.org
Fri Feb 27 10:05:01 UTC 2004


I get confused who is responding to who on this list sometimes :-)

-----Original Message-----
From: k12osn-admin at redhat.com [mailto:k12osn-admin at redhat.com] On Behalf
Of Christopher K. Johnson
Sent: Friday, February 27, 2004 8:40 AM
To: k12osn at redhat.com
Subject: Re: [K12OSN] OT: Limit Network Access by time


Jim Kronebusch wrote:

>Wouldn’t the following two commands
>0 23 * * * /sbin/ipchains -I ethout 1 -i eth1 -j DENY
>0 23 * * * /sbin/ipchains -I ethin 1 -i eth1 -j DENY
>completely disable the interface on all ports?  I assumed if I ran this on the local 
>(Green Network for IPCop) it would disable routing completely.  I am 
>not looking for a port specific block, just an entire shutdown.  
>Otherwise they will still be up all night on file sharing networks 
>downloading stolen music and porn while instant messaging each other 
>about what so and so said at school today.  I want the network dead 
>during off hours.
>
>-----Original Message-----
>From: k12osn-admin at redhat.com [mailto:k12osn-admin at redhat.com] On 
>Behalf Of Christopher K. Johnson
>Sent: Friday, February 27, 2004 6:47 AM
>To: k12osn at redhat.com
>Subject: Re: [K12OSN] OT: Limit Network Access by time
>
>
>aust_txv at ACCESS-K12.org wrote:
>
>  
>
>>Jim I use the cron tab interface in webmin to make my cron tab jobs.
>>That's a neat idea overall - Closing internet in/out traffic would be 
>>a nice tool.  We get a peer-to-peer issue now and then.
>>
>>Has anyone had a student connect to their PC at home via VNC?  Should
>>I be concerned?  Ideas on how to squash it?
>>
>>Thanks,
>>Tom Ventresco
>>    
>>
>
>You can complicate such access but you cannot block it.  Any unproxied
>service or even ssl-based proxied service can be used to tunnel such 
>access.  For instance if you permit access to https then the student 
>just has to make their home vnc listen on port 443, or their sshd and 
>tunnel their vnc connection to do it securely even.
>
>So you can block ports in 5900-59xx and port 22 if you want to, but
>chances are they will find an alternative, and you will merely have 
>complicated your own vnc and ssh access to outside systems.
>
>  
>
My "You can complicate..." response was in reply to the "Has anyone had 
a student connect to their PC at home via VNC?...how to squash it"
inquiry. If all traffic is disabled, that would of course disable access
to vnc and all alternative services on outside hosts.

-- 
-----------------------------------------------------------
   "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
   Chris Johnson, RHCE #807000448202021



_______________________________________________
K12OSN mailing list
K12OSN at redhat.com https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
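
The point made in the thread, that a VNC or SSH server can simply be moved to port 443, can be checked for from the defender's side by comparing the first payload bytes of a flow with what its port implies. The sketch below is an added example, not code from the thread or from IPCop; the flow records, field names and addresses are constructed for illustration. VNC carried inside an SSH or TLS tunnel shows only the outer protocol, so this catches the bare-port case and nothing more.

```python
import re

# Signatures found in the first payload bytes of a TCP stream.
RFB_BANNER = re.compile(rb"^RFB \d{3}\.\d{3}\n")  # VNC (RFB) server greeting
SSH_BANNER = re.compile(rb"^SSH-\d\.\d+-")        # SSH identification string

# What each watched destination port is expected to carry.
EXPECTED = {443: "tls", 22: "ssh"}


def classify_first_bytes(payload: bytes) -> str:
    """Name the protocol implied by the first bytes of a stream."""
    if RFB_BANNER.match(payload):
        return "vnc"
    if SSH_BANNER.match(payload):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # then a ClientHello (0x01) or ServerHello (0x02) at offset 5.
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[5] in (0x01, 0x02)):
        return "tls"
    return "unknown"


def flag_port_mismatches(flows):
    """Return (src, dport, seen) for flows that do not match their port."""
    findings = []
    for flow in flows:
        want = EXPECTED.get(flow["dport"])
        seen = classify_first_bytes(flow["first_bytes"])
        if want is not None and seen != want:
            findings.append((flow["src"], flow["dport"], seen))
    return findings


# Constructed sample flows (documentation address range, made-up banners).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dport": 443,
     "first_bytes": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"},
    {"src": "192.0.2.11", "dport": 443, "first_bytes": b"RFB 003.008\n"},
    {"src": "192.0.2.12", "dport": 443, "first_bytes": b"SSH-2.0-example\r\n"},
    {"src": "192.0.2.13", "dport": 22, "first_bytes": b"SSH-2.0-example\r\n"},
]

if __name__ == "__main__":
    for src, dport, seen in flag_port_mismatches(SAMPLE_FLOWS):
        print(f"{src} -> port {dport}: payload looks like {seen}")
```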
