Ok, here's my issue. People behind my firewall (who are technically incompetent) are giving out information about the internal network, and also executing commands that outside people tell them. They are talking to these people over MSN, AIM, those kinds of things. Sadly, these people are trying to find leaks in my firewall, so I am trying to stop them. I was wondering if it was possible to actively check all the appropriate packets for certain phrases or bits of information and drop the ones that contain it, and also log them?
What tools should I use? Any tutorials that would help?
You can block IPs and ports. You can filter and disallow ports/processes. You cannot identify and decipher any piece of data on any given process/port/IP.
Ever try to snoop an SSH session on port 80? Not very helpful. And I pity the programmer that attempts to decipher the traffic. Here are some tools that you should look at.
If you want a precanned ham solution that attempts erroneously to identify and stop processes and their content, you can look at getting the Cisco Packetshaper. It's only 30K.
If you want a precanned Linux solution that attempts to not do multiport/ip/process content filtering, you can try out clarkconnect firewall/mandrake multinetwork firewall/netmax firewall. All of the programs I listed above are built in. And the only free one there is from mandrake, so choose your weapon at will.
Good luck. And, are your users technically incompetent if they can use MSN/AIM/execute arbitrary commands? I don't think so. No, that's where the sysadmin gets canned. If I were you, I'd get to work.
P.S. They are incompetent. Almost anybody can figure out how to use MSN in no time, that's why it's popular. Also, if someone sat down at a computer, and you told them "Click Start->Run, Type "command" then type "<some command>" and tell me what it says", almost anybody could understand that. It's really not that hard.
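The phrase matching asked about in the first post, as an added example that is not part of the thread: a shell function that writes iptables-restore rules using the netfilter `string` match to log and drop forwarded packets containing given phrases. The chain name PHRASE_DROP and the sample phrases are assumptions made for illustration; the match only sees cleartext inside a single packet, so encrypted sessions such as the SSH case mentioned above pass through unmatched.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset that
# logs and drops forwarded packets whose payload contains one of the phrases
# given as arguments. PHRASE_DROP is a hypothetical chain name.

emit_phrase_rules() {
    nl='
'
    # Validate every phrase first so a bad one never yields a partial ruleset.
    for phrase in "$@"; do
        case $phrase in
            ''|*'"'*|*'\'*|*"$nl"*)
                echo "rejecting unsafe phrase" >&2
                return 1 ;;
        esac
    done

    printf '%s\n' '*filter'
    # Dedicated chain: rate-limited LOG (non-terminating), then DROP.
    printf '%s\n' ':PHRASE_DROP - [0:0]'
    printf '%s\n' '-A PHRASE_DROP -m limit --limit 6/min -j LOG --log-prefix "phrase-drop: "'
    printf '%s\n' '-A PHRASE_DROP -j DROP'

    # One FORWARD rule per phrase: Boyer-Moore search, case-insensitive.
    for phrase in "$@"; do
        printf '%s "%s" %s\n' \
            '-A FORWARD -m string --string' "$phrase" \
            '--algo bm --icase -j PHRASE_DROP'
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample phrases; replace with strings that matter on your network.
# Printing needs no privileges. To load the rules on the firewall (as root):
#   emit_phrase_rules "default gateway" | iptables-restore --noflush
emit_phrase_rules "default gateway" "ipconfig /all"
```

Dropped packets appear in the kernel log with the `phrase-drop: ` prefix, which is what to search for when reviewing who triggered a rule.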