04-21-2004, 08:57 AM | #1 (permalink) |
Sultana ruined my evil persona
Location: Los Angeles
|
Blocking AIM from network.
I want to block access to AIM on my network at work. I had set my firewall to block the AIM port, but some employees have figured out that by changing the port within AIM they can get back on. I tried to block the server web address (login.oscar.aol I think it was) via the hosts file but somehow that didn't work.
Any other ideas short of telling them not to use it, which they won't listen to?
__________________
His pants are tight...but his morals are loose!! |
04-21-2004, 10:37 AM | #2 (permalink) |
Not so great lurker
Location: NY
|
The only real way that I know of is to not allow "direct" internet access and have everyone go through a proxy server (and have the proxy server block the AIM traffic). In the AIM client there is a way to have it detect an open port for it to use (could be anything from telnet, ftp, port 80, etc).
|
04-21-2004, 11:58 AM | #3 (permalink) |
Junkie
Location: RI
|
I think there is more than one server; I also think that there are multiple ports that AIM uses. I think there are two other ones, and then it resorts to port 80, so blocking the port is probably out of the idea.
What kind of computers are you using at work? If it's anything new, I bet you could just disable it. Or implement a rule that if you're found to be using it, poop will fly? No matter how hard you try to disable something, people will find a way, so make rules with punishments and let everyone know them. |
04-21-2004, 12:27 PM | #4 (permalink) |
Tilted Cat Head
Administrator
Location: Manhattan, NY
|
Oh.. I tried to do this on one of my networks... OOOOY!!!! It's a pain in the butt to do, and I never got it to work 100%.
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not. |
04-21-2004, 03:38 PM | #7 (permalink) |
I am Winter Born
Location: Alexandria, VA
|
If you give us more details about your network setup, we might be able to help a little better. One thing is for sure though, AIM can adapt itself to pretty much any network configuration in order to connect. The AIM login servers listen on pretty much every port [I've seen people connect using ports 13, 80, 445, 8080, etc.].
Your ideal best bet would be to set up some kind of packet analyzing machine in order to check the contents of each inbound/outbound packet (thus severely slowing network access, unfortunately) and if it saw AIM packets, to drop them. Of course, even then, someone could SSH tunnel to an outside computer and run AIM through the tunnel.
__________________
Eat antimatter, Posleen-boy! |
04-21-2004, 05:49 PM | #8 (permalink) |
Master of No Domains
Location: WEEhawken, New Joisey
|
My company (think large entertainment mouse) uses a proxy server to block AIM traffic as heyal256 suggested.
I am surprised at the tech level of your users though. I don't envy you.
__________________
If you can read this, thank a teacher. If you can read this in English, thank a veteran. |
04-21-2004, 06:49 PM | #9 (permalink) | |
alpaca lunch for the trip
Location: in my computer
|
Quote:
|
|
04-21-2004, 07:28 PM | #10 (permalink) |
I am Winter Born
Location: Alexandria, VA
|
I agree with jujueye - once AIM is shut down, strangely enough the level of productivity will increase [after an initial period of bitching]. It's odd how much time you spend just idly talking to people, checking away messages and profiles, and waiting on something to happen - when you should be working.
__________________
Eat antimatter, Posleen-boy! |
04-21-2004, 08:29 PM | #11 (permalink) |
Sultana ruined my evil persona
Location: Los Angeles
|
What sucks is that there's a double standard where I work. I had blocked it successfully for a week. But I was told to put it back on cause some people were allowed to use it. So after a few weeks I realized that I can change the port within certain AIM clients and block those that I choose.
I really just want one person blocked within my department only. But after a few days he realized that he too can change the ports I block. His machine runs Win2k SP3. I thought about changing his logon to a more restrictive user type; he runs as admin or super user only 'cause I've had problems with certain apps not running properly in non-admin mode. The network is linked thru a few switches which connect to a Linksys DSL router. I use that as my firewall. I wanna tell him to quit using it but I use it too. I just don't let it get in the way of my work. "Do as I say not as I do." could apply I suppose.
__________________
His pants are tight...but his morals are loose!! |
04-21-2004, 09:19 PM | #12 (permalink) |
Junkie
Location: San Diego
|
I am amazed your company doesn't have stricter rules regarding internet access. At my dad's company they have a zero tolerance policy for abusing the internet. You fuck around on their time, you will find yourself in the unemployment line. I know at my Dad's office they use monitoring programs; if they find any unauthorized usage, you're gone, it is as simple as that.
__________________
If something seems too good to be true, then it probably is.... Last edited by punx1325; 04-21-2004 at 09:23 PM.. |
04-21-2004, 09:35 PM | #13 (permalink) |
Sultana ruined my evil persona
Location: Los Angeles
|
Well, when the owner's daughters use the company network to chat on AIM or MSN, it's hard to control your department employees' usage.
Guess the only resort is to put up with it, make their chat time difficult by constantly changing settings, or just discuss the problems directly with them. Or can I do anything to the registry to disable AIM?
__________________
His pants are tight...but his morals are loose!! |
04-21-2004, 10:22 PM | #14 (permalink) |
I am Winter Born
Location: Alexandria, VA
|
One possibility is to set up firewall rules blocking those internal IPs from talking to the AOL/AIM servers (on ANY port) - that'd be a fairly quick way of stopping specific users. Might be more trouble than it's worth, though.
__________________
Eat antimatter, Posleen-boy! |
04-22-2004, 10:57 AM | #15 (permalink) | |
"Officer, I was in fear for my life"
Location: Oklahoma City
|
Quote:
The other thing you could do is set up a group policy that would only allow him to run specific applications. The end result is the same but a bit longer to set up. |
|
04-22-2004, 11:19 AM | #16 (permalink) | |
alpaca lunch for the trip
Location: in my computer
|
Quote:
As for using the registry, it would only work for a while. Then they will head out and download it again and reinstall, which will overwrite registry settings. As for the guy who abuses it, how about this: if you have a few switches on their way to the router, is there any way to restrict just one of them (one switch)? I suppose it would depend on the model. If so, hang your most problematic employees on that switch, and block AIM access there only. Put the reliable employees on the switch that does not have restrictions. Or get another router and block it that way. If this works and he complains, tell him it must have been a user error. This will take some cabling fiddling, but is another option. Sounds mighty frustrating. Good luck. |
|
04-22-2004, 08:37 PM | #18 (permalink) | |
Sultana ruined my evil persona
Location: Los Angeles
|
Quote:
MUAHAHAHAHA. It worked!! I had tried this before as I stated in the original thread. But in my haste I didn't notice that when I saved it the first time it saved the hosts file as text. Spybot changed my hosts file to read only so I changed that and WHAMO! Fucker wasn't on all day today. Thanks for everyone's help. And yes, it was becoming very frustrating.
__________________
His pants are tight...but his morals are loose!! |
|
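The hosts-file block that worked in post #18, with the two things that can silently defeat it (a copy saved as hosts.txt, and entries that are missing or commented out), as an added Python check that is not from any poster; the `*.im.example` names and the sample file are constructed placeholders. A hosts entry only affects name lookups, so a client pointed at a raw IP address is outside what this audits.

```python
import ipaddress
import ntpath  # splits both '\\' and '/' paths, so this runs on any OS

# Constructed sample hosts file; the *.im.example names are placeholders.
SAMPLE = """\
127.0.0.1   localhost
127.0.0.1   login.im.example    # active block
#127.0.0.1  webchat.im.example  (commented out, so not in effect)
10.0.0.5    files.im.example
"""

def parse_hosts(text):
    """Map each hostname to its IP; keep the first entry seen for a name
    (assumption: the resolver answers from the first matching line)."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def is_sinkhole(ip):
    """True for loopback or 0.0.0.0 / ::, the usual 'go nowhere' targets."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def audit(path, text, blocked_names):
    """Return a list of reasons the intended block is not in effect."""
    findings = []
    filename = ntpath.basename(path)
    if filename.lower() != "hosts":
        findings.append(f"file is {filename!r}; only a file named 'hosts' is read")
    table = parse_hosts(text)
    for name in blocked_names:
        ip = table.get(name.lower())
        if ip is None:
            findings.append(f"{name}: no active entry")
        elif not is_sinkhole(ip):
            findings.append(f"{name}: points at {ip}, not a sinkhole")
    return findings

if __name__ == "__main__":
    wanted = ["login.im.example", "webchat.im.example", "files.im.example"]
    for finding in audit(r"C:\WINNT\system32\drivers\etc\hosts.txt", SAMPLE, wanted):
        print(finding)
```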
04-22-2004, 09:15 PM | #19 (permalink) |
Crazy
Location: San Diego, CA
|
Until he figures out that he can write down the IP of aim.gaim.aol.com from home, bring it to work, and type in that IP manually...
__________________
"Don't believe everything you read on the internet. Except this. Well, including this, I suppose." -- Douglas Adams |
04-23-2004, 07:38 PM | #22 (permalink) | |
Sultana ruined my evil persona
Location: Los Angeles
|
Quote:
I'll see about blocking that IP also tomorrow. Talking to him is like talking to my kids.
__________________
His pants are tight...but his morals are loose!! |
|
04-24-2004, 09:02 AM | #23 (permalink) |
Sultana ruined my evil persona
Location: Los Angeles
|
Well good thing I checked his IE history today. Seems that I forgot about AIM java clients. Went ahead and blocked any aimexpress related addresses.
Just a matter of time before I'll have to block ICQ, MSN and Yahoo too
__________________
His pants are tight...but his morals are loose!! |