Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Interests > Tilted Technology


 
 
LinkBack Thread Tools
Old 04-21-2004, 08:57 AM   #1 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
Blocking AIM from network.

I want to block access to AIM on my network at work. I had set my firewall to block the AIM port but some employees have figured out that by changing the port within AIM they can get back on. I tried to block the server web address (login. oscar.aol I think it was) via the hosts file but somehow that didn't work.

Any other ideas short of telling them not to use it which they won't listen too?
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
Old 04-21-2004, 10:37 AM   #2 (permalink)
Not so great lurker
 
Location: NY
The only real way that i know of is not allow "direct" internet access and have everyone go through a proxy server (and have the proxy server block the aim traffic). In the aim client there is a way to have it detect an open port for it to use (could be anything from telnet, ftp, port 80, etc).
heyal256 is offline  
Old 04-21-2004, 11:58 AM   #3 (permalink)
Junkie
 
Location: RI
I think there are more then one server, I also think that there are multiple ports that AIM uses. I think there are two other ones, and then it resorts to port 80, so blocking the port is prollay out of the idea.
What kind of computers are you using at work?
If it's anything new, I bet you could just disable it. Or implement a rule that if you're found to be using it, poop will fly?

No matter how hard you try to disable something, people will find a way, so make rules with punishments and let everyone know them.
Fallon is offline  
Old 04-21-2004, 12:27 PM   #4 (permalink)
Tilted Cat Head
 
Cynthetiq's Avatar
 
Administrator
Location: Manhattan, NY
Oh.. i tried to do this on one of my networks... OOOOY!!!! it's a pain in the butt to do, and i never got it to work 100%
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not.
Cynthetiq is offline  
Old 04-21-2004, 12:49 PM   #5 (permalink)
Junkie
 
Location: bedford, tx
someone once told me that if you ever wanted to test your firewall for holes, use AIM. It will find any hole that it can to make itself work.
dksuddeth is offline  
Old 04-21-2004, 01:05 PM   #6 (permalink)
"Officer, I was in fear for my life"
 
hrdwareguy's Avatar
 
Location: Oklahoma City
What operating system are your users running? What server operating system are you running?
__________________
Gun Control is hitting what you aim at

Aim for the TFP, Donate Today
hrdwareguy is offline  
Old 04-21-2004, 03:38 PM   #7 (permalink)
I am Winter Born
 
Pragma's Avatar
 
Location: Alexandria, VA
If you give us more details about your network setup, we might be able to help a little better. One thing is for sure though, AIM can adapt itself to pretty much any network configuration in order to connect. The AIM login servers listen on pretty much every port [I've seen people connect using ports 13, 80, 445, 8080, etc.].

Your ideal best bet would be to set up some kind of packet analyzing machine in order to check the contents of each inbound/outbound packet (thus severely slowing network access, unfortunately) and if it saw AIM packets, to drop them.

Of course, even then, someone could SSH tunnel to an outside computer and run AIM through the tunnel.
__________________
Eat antimatter, Posleen-boy!
Pragma is offline  
Old 04-21-2004, 05:49 PM   #8 (permalink)
Master of No Domains
 
portwineboy's Avatar
 
Location: WEEhawken, New Joisey
My company (think large entertainment mouse) uses a proxy server to block AIM traffic as heyal256 suggested.

I am surprised at the tech level of your users though. I don't envy you.
__________________
If you can read this, thank a teacher.
If you can read this in English, thank a veteran.
portwineboy is offline  
Old 04-21-2004, 06:49 PM   #9 (permalink)
alpaca lunch for the trip
 
jujueye's Avatar
 
Location: in my computer
Quote:
Originally posted by heyal256
The only real way that i know of is not allow "direct" internet access and have everyone go through a proxy server (and have the proxy server block the aim traffic).
Unfortunately, this will be the easiest way to go. And setting this up wont be any better than chasing it around your own network, but once its done, you will be in control. Lock down all the ports and laugh your way back to your office. Tell people to stop all their god damned chatting and do some work. Tell them that the network is not there simply for their pleasure. For fun, shut down your Internet connection for a short time (if you can.) Let them know who's who.
jujueye is offline  
Old 04-21-2004, 07:28 PM   #10 (permalink)
I am Winter Born
 
Pragma's Avatar
 
Location: Alexandria, VA
I agree with jujueye - once AIM is shut down, strangely enough the level of productivity will increase [after an initial period of bitching]. It's odd how much time you spend just idly talking to people, checking away messages and profiles, and waiting on something to happen - when you should be working.
__________________
Eat antimatter, Posleen-boy!
Pragma is offline  
Old 04-21-2004, 08:29 PM   #11 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
What sucks is that there's a double standard where I work. I had blocked it successfully for a week. But I was told to put it back on cause some people were allowed to use it. So after a few weeks I realized that I can change the port within certain AIM clients and block those that I choose.
I really just want one person blocked within my department only. But after a few days he realized that he too can change the ports I block. His machine runs Win2k SP3. I thought about changing his logon to a more restrictive user type, he runs as amin or super user only cause I've had problems with certain apps not running properly in non-admin mode.
The network is linked thru a few switches which connect to a Linksys DSL router. I use that as my firewall.

I wanna tell him to quit using it but I use it too. I just don't let it get in the way of my work.

"Do as I say not as I do." could apply I suppose
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
Old 04-21-2004, 09:19 PM   #12 (permalink)
Junkie
 
Location: San Diego
I am amazed your company doesn't have stricter rules reguarding internet access. At my dad's company they have a zero tolerance policy for abusing the internet. You fuck around on their time, you will find yourself in the unemployment line. I know at my Dad's office they use monitoring programs, if they find any unauthorized useage, your gone it is as simple as that.
__________________
If something seems too good to be true, then it probably is....

Last edited by punx1325; 04-21-2004 at 09:23 PM..
punx1325 is offline  
Old 04-21-2004, 09:35 PM   #13 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
Well when the owners daughters use the company network to chat on AIM or MSN it's hard to control your department employes usage.

Guess the only resort is to put up with, make thier chat time difficult buy constantly changing settings or just disscuss the problems directly with them.

Or can I do anything to the registry to disable AIM?
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
Old 04-21-2004, 10:22 PM   #14 (permalink)
I am Winter Born
 
Pragma's Avatar
 
Location: Alexandria, VA
One possibility is to set up firewall rules blocking those internal IPs from talking to the AOL/AIM servers (on ANY port) - that'd be a fairly quick way of stopping specific users. Might be more trouble than it's worth, though.
__________________
Eat antimatter, Posleen-boy!
Pragma is offline  
Old 04-22-2004, 10:57 AM   #15 (permalink)
"Officer, I was in fear for my life"
 
hrdwareguy's Avatar
 
Location: Oklahoma City
Quote:
Originally posted by Krycheck

I really just want one person blocked within my department only. But after a few days he realized that he too can change the ports I block. His machine runs Win2k SP3. I thought about changing his logon to a more restrictive user type, he runs as amin or super user only cause I've had problems with certain apps not running properly in non-admin mode.
If I can assume you also have a Win2K Server, then I have 2 words for you, "group policy". Stick this yahoo in his own group. Then create a policy for that group that does not allow him to run AIM. If you want more info on how to do this, let me know.

The other thing you could do is set up a group policy that would only allow him to run specific applications. The end result is the same but a bit longer to set up.
__________________
Gun Control is hitting what you aim at

Aim for the TFP, Donate Today
hrdwareguy is offline  
Old 04-22-2004, 11:19 AM   #16 (permalink)
alpaca lunch for the trip
 
jujueye's Avatar
 
Location: in my computer
Quote:
Originally posted by Krycheck
Well when the owners daughters use the company network to chat on AIM or MSN it's hard to control your department employes usage.

Or can I do anything to the registry to disable AIM?
When you don't have management support, you might as well forget it. That's a bunch of crap. If said daughter works there, she needs to work like everbody else...damned prima-donna. OTOH, unless everybody is related to her, they have no excuse.

As for using the registry, it would only work for a while. Then they will head out and download it again and reinstall, which will overwrite registry settings.

As for the guy who abuses it, how about this: if you have a few switches on their way to the router, is there any way to restrict just one of them (one switch)? I suppose it would depend on the model. If so, hang your most problematic employees on that switch, and block AIM access there only. Put the reliable employees on the switch that does not have restrictions. Or get another router and block it that way. If this works and he complains, tell him it must have been a user error. This will take some cabling fiddling, but is another option.

Sounds mighty frustrating. Good luck.
jujueye is offline  
Old 04-22-2004, 11:25 AM   #17 (permalink)
Right Now
 
Location: Home
You could add a bogus entry to your hosts file on the firewall that says aim.gaim.aol.com is 127.0.0.1.
Peetster is offline  
Old 04-22-2004, 08:37 PM   #18 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
Quote:
Originally posted by Peetster
You could add a bogus entry to your hosts file on the firewall that says aim.gaim.aol.com is 127.0.0.1.

MUAHAHAHAHA. It worked!!

I had tried this before as I stated in the orginal thread. But in my haste I didn't notice that when I saved it the first time it saved the hosts file as text. Spybot changed my hosts file to read only so I changed that and WHAMO!

Fucker wasn't on all day today

Thanks for everyones help. And yes it was becomming very fustrating.
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
Old 04-22-2004, 09:15 PM   #19 (permalink)
Crazy
 
Location: San Diego, CA
Until he figures out that he can write down the ip of of aim.gaim.aol.com from home, bring it to work, and type in that ip manually...
__________________
"Don't believe everything you read on the internet. Except this. Well, including this, I suppose." -- Douglas Adams
Rangsk is offline  
Old 04-22-2004, 11:54 PM   #20 (permalink)
Jam
Junkie
 
hey.... why dont you just talk to the guy... tell him he can use it as long as it doesnt get in the way of his work...
Jam is offline  
Old 04-23-2004, 11:34 AM   #21 (permalink)
alpaca lunch for the trip
 
jujueye's Avatar
 
Location: in my computer
Good job, man. All in the details!
jujueye is offline  
Old 04-23-2004, 07:38 PM   #22 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
Quote:
Originally posted by Rangsk
Until he figures out that he can write down the ip of of aim.gaim.aol.com from home, bring it to work, and type in that ip manually...
I don't think he's that brite. All the other stuff he got around was because AIM helped him find open ports.

I'll see about blocking that ip also tomorrow.

Talking to him is like talking to my kids
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
Old 04-24-2004, 09:02 AM   #23 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
Well good thing I checked his IE history today. Seems that I forgot about AIM java clients. Went ahead and blocked any aimexpress related addresses.

Just a matter of time before I'll have to block ICQ, MSN and Yahoo too
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
 

Tags
aim, blocking, network


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 08:38 AM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360