[K12OSN] OT: Limit Network Access by time

Steve Wright paua at quicksilver.net.nz
Fri Feb 27 16:51:09 UTC 2004


the trick is not to top post..  ;-)  Quoting correctly preserves the
flow of the conversation.  /steve


On Sat, 2004-02-28 at 04:06, Jim Kronebusch wrote:
> I get confused who is responding to who on this list sometimes :-)
> 
> -----Original Message-----
> From: k12osn-admin at redhat.com [mailto:k12osn-admin at redhat.com] On Behalf
> Of Christopher K. Johnson
> Sent: Friday, February 27, 2004 8:40 AM
> To: k12osn at redhat.com
> Subject: Re: [K12OSN] OT: Limit Network Access by time
> 
> 
> Jim Kronebusch wrote:
> 
> >Wouldn’t the following two commands
> >0 23 * * * /sbin/ipchains -I ethout 1 -i eth1 -j DENY
> >0 23 * * * /sbin/ipchains -I ethin 1 -i eth1 -j DENY
> >Completely disable the interface on all ports?  I assumed if I ran this on the local 
> >(Green Network for IPCop) it would disable routing completely.  I am 
> >not looking for a port specific block, just an entire shutdown.  
> >Otherwise they will still be up all night on file sharing networks 
> >downloading stolen music and porn while instant messaging each other 
> >about what so and so said at school today.  I want the network dead 
> >during off hours.
> >
> >-----Original Message-----
> >From: k12osn-admin at redhat.com [mailto:k12osn-admin at redhat.com] On 
> >Behalf Of Christopher K. Johnson
> >Sent: Friday, February 27, 2004 6:47 AM
> >To: k12osn at redhat.com
> >Subject: Re: [K12OSN] OT: Limit Network Access by time
> >
> >
> >aust_txv at ACCESS-K12.org wrote:
> >
> >  
> >
> >>Jim I use the cron tab interface in webmin to make my cron tab jobs.
> >>That's a neat idea overall - Closing internet in/out traffic would be 
> >>a nice tool.  We get a peer-to-peer issue now and then.
> >>
> >>Has anyone had a student connect to their PC at home via VNC ?  Should
> >>I be concerned ?  Ideas on how to squash it ?
> >>
> >>Thanks,
> >>Tom Ventresco
> >>    
> >>
> >
> >You can complicate such access but you cannot block it.  Any unproxied
> >service or even ssl-based proxied service can be used to tunnel such 
> >access.  For instance if you permit access to https then the student 
> >just has to make their home vnc listen on port 443, or their sshd and 
> >tunnel their vnc connection to do it securely even.
> >
> >So you can block ports in 5900-59xx and port 22 if you want to, but
> >chances are they will find an alternative, and you will merely have 
> >complicated your own vnc and ssh access to outside systems.
> >
> >  
> >
> My "You can complicate..." response was in reply to the "Has anyone had 
> a student connect to their PC at home via VNC?...how to squash it"
> inquiry. If all traffic is disabled, that would of course disable access
> to vnc and all alternative services on outside hosts.
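
An added example, not part of any message in this thread: the quoted cron lines only insert a DENY rule at 23:00, so this sketch derives the wanted state from the clock on every run, which lifts the block again and never stacks duplicate rules. The chains `ethout`/`ethin`, `eth1` and the 23:00 start come from the thread; the 06:00 end, the script name `offhours.sh` and the dry-run default are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Keeps the off-hours DENY rules in step
# with the clock instead of inserting a new rule every night.
# From the thread: 23:00 start, chains ethout/ethin, interface eth1.
# Assumed: 06:00 end of the window, dry-run unless DRY_RUN=0.
BLOCK_START=${BLOCK_START:-2300}   # HHMM
BLOCK_END=${BLOCK_END:-0600}       # HHMM, assumed
IPCHAINS=${IPCHAINS:-/sbin/ipchains}
IFACE=${IFACE:-eth1}

# in_window HHMM: succeeds if HHMM falls inside the blocked window.
in_window() {
    if [ "$BLOCK_START" -le "$BLOCK_END" ]; then
        [ "$1" -ge "$BLOCK_START" ] && [ "$1" -lt "$BLOCK_END" ]
    else
        # Window wraps past midnight (e.g. 2300-0600).
        [ "$1" -ge "$BLOCK_START" ] || [ "$1" -lt "$BLOCK_END" ]
    fi
}

# plan HHMM: print the ipchains commands that bring both chains to the
# state wanted at that time.
plan() {
    for chain in ethout ethin; do
        # Delete first so repeated runs leave at most one DENY rule per chain.
        echo "$IPCHAINS -D $chain -i $IFACE -j DENY"
        if in_window "$1"; then
            echo "$IPCHAINS -I $chain 1 -i $IFACE -j DENY"
        fi
    done
}

# enforce HHMM: print the plan (default) or run it when DRY_RUN=0.
enforce() {
    plan "$1" | while read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; continue; fi
        case "$cmd" in
            *" -D "*) $cmd 2>/dev/null || true ;;  # rule may not exist yet
            *)        $cmd ;;
        esac
    done
}

# Intended to run from cron every few minutes: offhours.sh enforce
if [ "${1:-}" = enforce ]; then enforce "$(date +%H%M)"; fi
```

Because the state is recomputed on each run, a reboot or a firewall restart during the window is corrected at the next cron tick rather than leaving the network open until the following night.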




