LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Block all download software (https://www.linuxquestions.org/questions/linux-security-4/block-all-download-software-674721/)

nkutty 10-06-2008 11:22 PM
Block all download software
 
Hi..

i am using REHEL4 with squid proxy for internet sharing

and also potables firewall i wan to block all the downloading software

like flash get, web zip, get right, web ripper using this all are missing

using the internet how to Block downloading through software

please help ME dears


With regards
Kutty N

htnakirs 10-07-2008 05:20 AM
It will be hard to find and block all downloading apps. If your concern is high data transfer, it is much easier to setup quotas for each user. I think. This will automatically prevent large downloads from being saved.

nkutty 10-07-2008 10:58 PM
How to fine port
 
Other way is how to fine port for these downloadmnagers

win32sux 10-07-2008 11:06 PM
Maybe you could use the browser ACL to allow access only for your browser's User-Agent string(s).

That is, assuming the download managers don't do any User-Agent spoofing.

nkutty 10-07-2008 11:17 PM
Find port
 
hi..

if we are able to find listen port number for these flash get, web zip, web ripper, free download manger we can drop these port through iptables

can say the port numbers or tell me how find the ports

billymayday 10-07-2008 11:19 PM
Set up wireshark on the server and fire the products up and see what ports they use.

nkutty 10-07-2008 11:24 PM
port
 
i am not clear what Your saying.. this there any way through Net to fine

billymayday 10-07-2008 11:39 PM
Wireshark lets you look at packets that pass through an ethernet port. You can see what the source and destination ports are, protocol, IPs etc. Set it up (it should be in one of the RH repos) and start the various applications you are concerned about on a computer attached to the server. You'll soon see ewhat ports the applications are requesting.

I fact, you could just install wireshark on a client and watch there. There are Windows and Linux versions.

win32sux 10-08-2008 04:15 PM
The destination ports would be useless, as they will be the same ports anything else uses. You won't be able to differentiate between program Foo and program Bar by using destination ports. You could use source ports, but who's to say the programs limit themselves to a specific range which doesn't overlap with what your browser (for example) uses? This kind of stuff is simply not something iptables is a good choice for half the time.


All times are GMT -5. The time now is 05:32 PM.