LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-10-2003, 11:47 PM   #1
LiloAma
LQ Newbie
 
Registered: Nov 2003
Posts: 21

Rep: Reputation: 15
How to use IP Tables blocks a CHAT USERS and Sharing Files with P2P or Napster???


Dear All
I'm a newbie and i don't have ip-tables experince also.
So,i would like to know how to use IPTables to block some Chat Software like a Yahoo MSG,MSN,IRC and also with a Sharing files like a Napster,P2P

Could you give a suggestion to me to blocking its?

Thankz
 
Old 12-11-2003, 12:50 AM   #2
Caeda
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Suse 6.0+, Mandrake 5.0-10.0, Redhat 6.0-9.0, Gentoo 1.2+, Gnoppix, Knoppix, Sabayon, Ubuntu 5.04+
Posts: 1,811

Rep: Reputation: 45
/me hands you scissors for your internet cable.
Yep.. that should do it. :-D

Ah, File Sharing programs should be easy, and hard to block. As they usualy use a standard port or two for listening and sending connections and they can be blocked off... As for Chat software.. a lot of its written to try all sorts of ports and work around firewalls and bad internet connections.. so you might not get to block that off..
 
Old 12-11-2003, 04:09 AM   #3
LiloAma
LQ Newbie
 
Registered: Nov 2003
Posts: 21

Original Poster
Rep: Reputation: 15
That means,I can't set a IPTABLES Box to block these chat software,right?
But i heard some linux administrator uses IPTABLES block a Chat software successful.
Anyone give me an ideal??
 
Old 12-11-2003, 07:41 AM   #4
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
p2p: http://www.lowth.com/p2pwall/

chat: http://mailman.ds9a.nl/pipermail/lar...q2/003276.html
 
Old 12-15-2003, 04:45 PM   #5
frogman
Member
 
Registered: Sep 2003
Distribution: Mandrake, Slack, Debian and PicoBSD
Posts: 181

Rep: Reputation: 31
assuming this is a work environment, that the users aren't supposed to be using chat (and def not p2p) and that they _know_ they shouldn't be using it (i.e you've explicitly told them)......

Warn them once, showing them that you know they've been doing it (i.e firewall logs / whatever), explain why it's not allowed and the consequences.

2nd time, sic the HR drones on them.

(yes, it's harsh but they're adults and know they shouldn't be doing it - your network, your rules.)
 
Old 12-16-2003, 10:10 PM   #6
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
I'm with frogman.
 
Old 12-17-2003, 07:52 PM   #7
LiloAma
LQ Newbie
 
Registered: Nov 2003
Posts: 21

Original Poster
Rep: Reputation: 15
Thankz a lot.
I kicked them already
 
Old 12-17-2003, 11:35 PM   #8
ugob
Member
 
Registered: Nov 2003
Distribution: RH, Fedora, Debian, Knoppix
Posts: 436

Rep: Reputation: 31
Quote:
Originally posted by LiloAma
Thankz a lot.
I kicked them already
With?
How?
 
Old 12-18-2003, 03:20 PM   #9
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
Q. With?
A. Boots.

Q. How?
A. Hard.

(I hope)
 
Old 12-18-2003, 06:18 PM   #10
frogman
Member
 
Registered: Sep 2003
Distribution: Mandrake, Slack, Debian and PicoBSD
Posts: 181

Rep: Reputation: 31
Quote:
Originally posted by ugob
With?
How?
cat5 garrotte is always popular - readily available and easily hidden.
 
Old 12-18-2003, 07:55 PM   #11
LiloAma
LQ Newbie
 
Registered: Nov 2003
Posts: 21

Original Poster
Rep: Reputation: 15
thankz all
I kicked them by setting a new user policy in my organization.
If someone broked my policy.
I'll inform to their manager to punish their ass!!
It's work than fight with the computer!
hehe
Thanks a lot guys
 
Old 12-18-2003, 09:27 PM   #12
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
Good work.
 
Old 12-21-2003, 10:11 AM   #13
Blu-star
Member
 
Registered: Sep 2003
Posts: 35

Rep: Reputation: 15
hehe im sure youīll be the most popular guy around your work after a while

if i had a irritating networkadmin that wouldnīt allow me to chat and stuff like that i would just encrypt it all, then he canīt say a shit
 
Old 12-21-2003, 11:04 AM   #14
JordanH
Member
 
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
Spoken like a true co-op student.

Seriously though, P2P apps cost companies quite a bit of time and money both in bandwidth but also in repairing viruses and worse - what happens if your employees accidentally shared confidential files? P2P has it's place for personal computing or perhaps you could make a case for internal file sharing but that's it.

As for 'chat' programs... well... There are legitimate and cost-saving uses for Instant Messaging. I think management fears IM at first because they see it as a time/productivity waster but that's the old-school of thought. The mentality of, "if I don't watch my employees, they'll slack off" is not appropriate for today's world. For the most part, knowledge workers like to work and won't spend all day chatting if management does their job to ensure employees are on track with their tasks. *shrug* Eitherway, it's the companies network, they have the right to make the rules.

oh, if you are irritated with the policy, blame management, not the network admin. He's just doing his job.
 
Old 12-24-2003, 08:35 AM   #15
frogman
Member
 
Registered: Sep 2003
Distribution: Mandrake, Slack, Debian and PicoBSD
Posts: 181

Rep: Reputation: 31
Quote:
Originally posted by Blu-star
if i had a irritating networkadmin that wouldnīt allow me to chat and stuff like that i would just encrypt it all, then he canīt say a shit
<bofh>You don't think he might be curious about the encrypted traffic? A sniffer / software audit would reveal the source, you'd get a bollocking and would have a typewriter for the next month.</bofh>

Quote:
Originally posted by JordanH
oh, if you are irritated with the policy, blame management, not the network admin.
if you have a 1/2 decent PHB (rare), the network admin usually has final say on what's allowed. (not in the sense that he can ok p2p, but he has some kind of veto on non-essential additional services - since he'll have to maintain it).

We use Jabber internally (quicker than email / messages are logged), but it stops at the internal firewall, partly because it doesn't need to go out, but mostly because we (IT staff) have said it's _not_ going out.

[cue overworked and underpayed rants].
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Files sharing between users on same computer Artik Linux - Security 5 07-13-2005 02:23 PM
Encore Router Firewall Blocks P2P rickh Linux - Hardware 0 05-02-2005 12:14 AM
sshd blocks users from other machines TommyB Linux - Networking 3 05-18-2004 01:19 PM
P2P File Sharing Bloodspiller Mandriva 18 02-27-2004 07:33 PM
P2P Sharing Problem ashjam10 Linux - Networking 6 09-26-2003 10:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration