Blocking AIM from network.
 

I want to block access to AIM on my network at work. I had set my firewall to block the AIM port but some employees have figured out that by changing the port within AIM they can get back on. I tried to block the server web address (login. oscar.aol I think it was) via the hosts file but somehow that didn't work.

Any other ideas short of telling them not to use it which they won't listen too?

The only real way that i know of is not allow "direct" internet access and have everyone go through a proxy server (and have the proxy server block the aim traffic). In the aim client there is a way to have it detect an open port for it to use (could be anything from telnet, ftp, port 80, etc).

I think there are more then one server, I also think that there are multiple ports that AIM uses. I think there are two other ones, and then it resorts to port 80, so blocking the port is prollay out of the idea.
What kind of computers are you using at work?
If it's anything new, I bet you could just disable it. Or implement a rule that if you're found to be using it, poop will fly?

No matter how hard you try to disable something, people will find a way, so make rules with punishments and let everyone know them.

Oh.. i tried to do this on one of my networks... OOOOY!!!! it's a pain in the butt to do, and i never got it to work 100%

someone once told me that if you ever wanted to test your firewall for holes, use AIM. It will find any hole that it can to make itself work. ;)

What operating system are your users running? What server operating system are you running?

If you give us more details about your network setup, we might be able to help a little better. One thing is for sure though, AIM can adapt itself to pretty much any network configuration in order to connect. The AIM login servers listen on pretty much every port [I've seen people connect using ports 13, 80, 445, 8080, etc.].

Your ideal best bet would be to set up some kind of packet analyzing machine in order to check the contents of each inbound/outbound packet (thus severely slowing network access, unfortunately) and if it saw AIM packets, to drop them.

Of course, even then, someone could SSH tunnel to an outside computer and run AIM through the tunnel. :D

My company (think large entertainment mouse) uses a proxy server to block AIM traffic as heyal256 suggested.

I am surprised at the tech level of your users though. I don't envy you.

Unfortunately, this will be the easiest way to go. And setting this up wont be any better than chasing it around your own network, but once its done, you will be in control. Lock down all the ports and laugh your way back to your office. Tell people to stop all their god damned chatting and do some work. Tell them that the network is not there simply for their pleasure. For fun, shut down your Internet connection for a short time (if you can.) Let them know who's who.

I agree with jujueye - once AIM is shut down, strangely enough the level of productivity will increase [after an initial period of bitching]. It's odd how much time you spend just idly talking to people, checking away messages and profiles, and waiting on something to happen - when you should be working.

What sucks is that there's a double standard where I work. I had blocked it successfully for a week. But I was told to put it back on cause some people were allowed to use it. So after a few weeks I realized that I can change the port within certain AIM clients and block those that I choose.
I really just want one person blocked within my department only. But after a few days he realized that he too can change the ports I block. His machine runs Win2k SP3. I thought about changing his logon to a more restrictive user type, he runs as amin or super user only cause I've had problems with certain apps not running properly in non-admin mode.
The network is linked thru a few switches which connect to a Linksys DSL router. I use that as my firewall.

I wanna tell him to quit using it but I use it too. I just don't let it get in the way of my work.

"Do as I say not as I do." could apply I suppose ;)

I am amazed your company doesn't have stricter rules reguarding internet access. At my dad's company they have a zero tolerance policy for abusing the internet. You fuck around on their time, you will find yourself in the unemployment line. I know at my Dad's office they use monitoring programs, if they find any unauthorized useage, your gone it is as simple as that.

Well when the owners daughters use the company network to chat on AIM or MSN it's hard to control your department employes usage.

Guess the only resort is to put up with, make thier chat time difficult buy constantly changing settings or just disscuss the problems directly with them.

Or can I do anything to the registry to disable AIM?

One possibility is to set up firewall rules blocking those internal IPs from talking to the AOL/AIM servers (on ANY port) - that'd be a fairly quick way of stopping specific users. Might be more trouble than it's worth, though.

If I can assume you also have a Win2K Server, then I have 2 words for you, "group policy". Stick this yahoo in his own group. Then create a policy for that group that does not allow him to run AIM. If you want more info on how to do this, let me know.

The other thing you could do is set up a group policy that would only allow him to run specific applications. The end result is the same but a bit longer to set up.

When you don't have management support, you might as well forget it. That's a bunch of crap. If said daughter works there, she needs to work like everbody else...damned prima-donna. OTOH, unless everybody is related to her, they have no excuse.

As for using the registry, it would only work for a while. Then they will head out and download it again and reinstall, which will overwrite registry settings.

As for the guy who abuses it, how about this: if you have a few switches on their way to the router, is there any way to restrict just one of them (one switch)? I suppose it would depend on the model. If so, hang your most problematic employees on that switch, and block AIM access there only. Put the reliable employees on the switch that does not have restrictions. Or get another router and block it that way. If this works and he complains, tell him it must have been a user error. This will take some cabling fiddling, but is another option.

Sounds mighty frustrating. Good luck.

You could add a bogus entry to your hosts file on the firewall that says aim.gaim.aol.com is 127.0.0.1.

MUAHAHAHAHA. It worked!!

I had tried this before as I stated in the orginal thread. But in my haste I didn't notice that when I saved it the first time it saved the hosts file as text. Spybot changed my hosts file to read only so I changed that and WHAMO!

Fucker wasn't on all day today :D

Thanks for everyones help. And yes it was becomming very fustrating.

Until he figures out that he can write down the ip of of aim.gaim.aol.com from home, bring it to work, and type in that ip manually...

hey.... why dont you just talk to the guy... tell him he can use it as long as it doesnt get in the way of his work...

Good job, man. All in the details!

I don't think he's that brite. All the other stuff he got around was because AIM helped him find open ports.

I'll see about blocking that ip also tomorrow.

Talking to him is like talking to my kids :rolleyes:

Well good thing I checked his IE history today. Seems that I forgot about AIM java clients. Went ahead and blocked any aimexpress related addresses.

Just a matter of time before I'll have to block ICQ, MSN and Yahoo too :rolleyes: