Tilted Forum Project Discussion Community


Krycheck 04-21-2004 08:57 AM

Blocking AIM from network.
 
I want to block access to AIM on my network at work. I had set my firewall to block the AIM port but some employees have figured out that by changing the port within AIM they can get back on. I tried to block the server web address (login.oscar.aol I think it was) via the hosts file but somehow that didn't work.

Any other ideas short of telling them not to use it, which they won't listen to?

heyal256 04-21-2004 10:37 AM

The only real way that I know of is to not allow "direct" internet access and have everyone go through a proxy server (and have the proxy server block the AIM traffic). In the AIM client there is a way to have it detect an open port for it to use (could be anything from telnet, ftp, port 80, etc).

Fallon 04-21-2004 11:58 AM

I think there is more than one server, I also think that there are multiple ports that AIM uses. I think there are two other ones, and then it resorts to port 80, so blocking the port is probably out of the idea.
What kind of computers are you using at work?
If it's anything new, I bet you could just disable it. Or implement a rule that if you're found to be using it, poop will fly?

No matter how hard you try to disable something, people will find a way, so make rules with punishments and let everyone know them.

Cynthetiq 04-21-2004 12:27 PM

Oh.. I tried to do this on one of my networks... OOOOY!!!! It's a pain in the butt to do, and I never got it to work 100%.

dksuddeth 04-21-2004 12:49 PM

Someone once told me that if you ever wanted to test your firewall for holes, use AIM. It will find any hole that it can to make itself work. ;)

hrdwareguy 04-21-2004 01:05 PM

What operating system are your users running? What server operating system are you running?

Pragma 04-21-2004 03:38 PM

If you give us more details about your network setup, we might be able to help a little better. One thing is for sure though, AIM can adapt itself to pretty much any network configuration in order to connect. The AIM login servers listen on pretty much every port [I've seen people connect using ports 13, 80, 445, 8080, etc.].

Your ideal best bet would be to set up some kind of packet analyzing machine in order to check the contents of each inbound/outbound packet (thus severely slowing network access, unfortunately) and if it saw AIM packets, to drop them.

Of course, even then, someone could SSH tunnel to an outside computer and run AIM through the tunnel. :D
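
The content-inspection idea in Pragma's post, sketched as an added example (not part of the original thread): OSCAR, the protocol AIM speaks, wraps every message in a 6-byte FLAP header (0x2A marker, channel, 16-bit sequence number, 16-bit length), so a filter can recognise it on any port. The function names and sample payloads are constructed for illustration.

```python
import struct

FLAP_MARKER = 0x2A                    # ASCII '*', first byte of every FLAP frame
FLAP_HEADER = struct.Struct(">BBHH")  # marker, channel, sequence, data length
VALID_CHANNELS = {1, 2, 3, 4, 5}      # sign-on, SNAC data, error, sign-off, keep-alive


def flap_frames(stream: bytes):
    """Yield (channel, seq, data) for each complete FLAP frame at the start of
    stream, stopping at the first bytes that do not form a valid frame."""
    offset = 0
    while offset + FLAP_HEADER.size <= len(stream):
        marker, channel, seq, length = FLAP_HEADER.unpack_from(stream, offset)
        if marker != FLAP_MARKER or channel not in VALID_CHANNELS:
            return
        end = offset + FLAP_HEADER.size + length
        if end > len(stream):         # frame continues in a later TCP segment
            return
        yield channel, seq, stream[offset + FLAP_HEADER.size:end]
        offset = end


def looks_like_oscar(stream: bytes, min_frames: int = 2) -> bool:
    """Port-independent check: True if the stream opens with at least
    min_frames back-to-back FLAP frames whose sequence numbers count up by 1."""
    prev_seq, count = None, 0
    for _channel, seq, _data in flap_frames(stream):
        # 16-bit wrap is an assumption of this sketch, not taken from the thread
        if prev_seq is not None and seq != (prev_seq + 1) & 0xFFFF:
            return False
        prev_seq, count = seq, count + 1
    return count >= min_frames


def build_flap(channel: int, seq: int, data: bytes) -> bytes:
    """Helper used only to construct the sample traffic below."""
    return FLAP_HEADER.pack(FLAP_MARKER, channel, seq, len(data)) + data


# Constructed samples: the first is AIM-style framing sent to port 80.
SAMPLES = {
    "flap_on_port_80": build_flap(1, 0x1234, b"\x00\x00\x00\x01")
                       + build_flap(2, 0x1235, bytes(10)),
    "http_on_port_80": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "stray_asterisk": b"*\x02 not a frame at all",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name}: {'drop (OSCAR)' if looks_like_oscar(payload) else 'pass'}")
```

This only matches cleartext framing; traffic carried inside an SSH tunnel, as the post notes, would not be recognised.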

portwineboy 04-21-2004 05:49 PM

My company (think large entertainment mouse) uses a proxy server to block AIM traffic as heyal256 suggested.

I am surprised at the tech level of your users though. I don't envy you.

jujueye 04-21-2004 06:49 PM

Quote:

Originally posted by heyal256
The only real way that I know of is to not allow "direct" internet access and have everyone go through a proxy server (and have the proxy server block the AIM traffic).

Unfortunately, this will be the easiest way to go. And setting this up won't be any better than chasing it around your own network, but once it's done, you will be in control. Lock down all the ports and laugh your way back to your office. Tell people to stop all their god damned chatting and do some work. Tell them that the network is not there simply for their pleasure. For fun, shut down your Internet connection for a short time (if you can.) Let them know who's who.

Pragma 04-21-2004 07:28 PM

I agree with jujueye - once AIM is shut down, strangely enough the level of productivity will increase [after an initial period of bitching]. It's odd how much time you spend just idly talking to people, checking away messages and profiles, and waiting on something to happen - when you should be working.

Krycheck 04-21-2004 08:29 PM

What sucks is that there's a double standard where I work. I had blocked it successfully for a week. But I was told to put it back on cause some people were allowed to use it. So after a few weeks I realized that I can change the port within certain AIM clients and block those that I choose.
I really just want one person blocked within my department only. But after a few days he realized that he too can change the ports I block. His machine runs Win2k SP3. I thought about changing his logon to a more restrictive user type, he runs as admin or super user only cause I've had problems with certain apps not running properly in non-admin mode.
The network is linked thru a few switches which connect to a Linksys DSL router. I use that as my firewall.

I wanna tell him to quit using it but I use it too. I just don't let it get in the way of my work.

"Do as I say not as I do." could apply I suppose ;)

punx1325 04-21-2004 09:19 PM

I am amazed your company doesn't have stricter rules regarding internet access. At my dad's company they have a zero tolerance policy for abusing the internet. You fuck around on their time, you will find yourself in the unemployment line. I know at my Dad's office they use monitoring programs, if they find any unauthorized usage, you're gone, it is as simple as that.

Krycheck 04-21-2004 09:35 PM

Well when the owner's daughters use the company network to chat on AIM or MSN it's hard to control your department employees' usage.

Guess the only resort is to put up with it, make their chat time difficult by constantly changing settings or just discuss the problems directly with them.

Or can I do anything to the registry to disable AIM?

Pragma 04-21-2004 10:22 PM

One possibility is to set up firewall rules blocking those internal IPs from talking to the AOL/AIM servers (on ANY port) - that'd be a fairly quick way of stopping specific users. Might be more trouble than it's worth, though.

hrdwareguy 04-22-2004 10:57 AM

Quote:

Originally posted by Krycheck

I really just want one person blocked within my department only. But after a few days he realized that he too can change the ports I block. His machine runs Win2k SP3. I thought about changing his logon to a more restrictive user type, he runs as admin or super user only cause I've had problems with certain apps not running properly in non-admin mode.

If I can assume you also have a Win2K Server, then I have 2 words for you, "group policy". Stick this yahoo in his own group. Then create a policy for that group that does not allow him to run AIM. If you want more info on how to do this, let me know.

The other thing you could do is set up a group policy that would only allow him to run specific applications. The end result is the same but a bit longer to set up.

jujueye 04-22-2004 11:19 AM

Quote:

Originally posted by Krycheck
Well when the owner's daughters use the company network to chat on AIM or MSN it's hard to control your department employees' usage.

Or can I do anything to the registry to disable AIM?

When you don't have management support, you might as well forget it. That's a bunch of crap. If said daughter works there, she needs to work like everybody else...damned prima-donna. OTOH, unless everybody is related to her, they have no excuse.

As for using the registry, it would only work for a while. Then they will head out and download it again and reinstall, which will overwrite registry settings.

As for the guy who abuses it, how about this: if you have a few switches on their way to the router, is there any way to restrict just one of them (one switch)? I suppose it would depend on the model. If so, hang your most problematic employees on that switch, and block AIM access there only. Put the reliable employees on the switch that does not have restrictions. Or get another router and block it that way. If this works and he complains, tell him it must have been a user error. This will take some cabling fiddling, but is another option.

Sounds mighty frustrating. Good luck.

Peetster 04-22-2004 11:25 AM

You could add a bogus entry to your hosts file on the firewall that says aim.gaim.aol.com is 127.0.0.1.

Krycheck 04-22-2004 08:37 PM

Quote:

Originally posted by Peetster
You could add a bogus entry to your hosts file on the firewall that says aim.gaim.aol.com is 127.0.0.1.

MUAHAHAHAHA. It worked!!

I had tried this before as I stated in the original thread. But in my haste I didn't notice that when I saved it the first time it saved the hosts file as text. Spybot changed my hosts file to read only so I changed that and WHAMO!

Fucker wasn't on all day today :D

Thanks for everyone's help. And yes it was becoming very frustrating.

Rangsk 04-22-2004 09:15 PM

Until he figures out that he can write down the IP of aim.gaim.aol.com from home, bring it to work, and type in that IP manually...

Jam 04-22-2004 11:54 PM

Hey.... why don't you just talk to the guy... tell him he can use it as long as it doesn't get in the way of his work...

jujueye 04-23-2004 11:34 AM

Good job, man. All in the details!

Krycheck 04-23-2004 07:38 PM

Quote:

Originally posted by Rangsk
Until he figures out that he can write down the IP of aim.gaim.aol.com from home, bring it to work, and type in that IP manually...

I don't think he's that bright. All the other stuff he got around was because AIM helped him find open ports.

I'll see about blocking that ip also tomorrow.

Talking to him is like talking to my kids :rolleyes:

Krycheck 04-24-2004 09:02 AM

Well, good thing I checked his IE history today. Seems that I forgot about AIM Java clients. Went ahead and blocked any aimexpress related addresses.

Just a matter of time before I'll have to block ICQ, MSN and Yahoo too :rolleyes:


All times are GMT -8.