Mailing Lists: Apple Mailing Lists


Re: Blocking MSN Messenger



Hello Haris. This surely sounds like a tragic story that I do not want to go through. I have been considering all the information you provided me in order to make a detailed recommendation to my employers. Unfortunately right now we're only at the stage of blocking MSN Messenger to just one of our designers because he was crazy enough to use it in front of the company owner at forbidden hours (work hours). But if the problem could grow as bad as you describe it here then I'll try to move several steps further ahead in security matters on a more radical time schedule than I had previously thought. I also have to consider that recently I was moved to public IPs by my ISP, so what you say in your message could be a serious threat.

Just one question, or actually two: how did you first detect the attackers and the kind of attack they were performing on your network? And secondly, have you got any helpful information about configuring the access control list at the Cisco router you commented about?

Thanks for your time. Best regards,...


Juan.

On Tuesday, June 25, 2002, at 10:11 AM, Haris Pobric wrote:

Juan,

I dealt with the same problem you have a week ago and, in the end, had no choice but to set up a block list on the router and prevent anyone on the network from accessing certain servers or having any traffic coming from those servers to our network.

For one, the use of instant messaging software, AIM, Yahoo and MSN Messenger, went from sporadic to rampant, which, along with the effect it had on productivity, also caused all sorts of security issues on our end. For one, because the users are not computer-savvy, they had no idea of what they were up to when they used IM extensively.

What happened was that their conversations were used as a cover for hackers (or hacker wannabes) to mask their own work, such as IP spoofing and DDOS on various servers (some of those I have identified and alerted the companies operating them; the others I could not identify). What those hackers were doing was to use IM traffic to get to our router (we also use Cisco but we run T-1) and then use it as a starting point for DDOS. Because they were generating hundreds of thousands of fake requests a minute, all that traffic ate up our bandwidth and, consequently, prevented anyone in the company from getting or sending email, or going to the Internet. This, of course, affected the business in a real way and I had to prepare the cost for this for the company owner.

At the same time I also noticed that some of those hackers were coming from various file swapping services and IM servers and were probing our servers trying to break in or bring them down. As we have some pretty good firewall software running on each of your boxes, all of those probes and attacks were deflected but it still was more than enough of a reason for worry.

So, an executive order has been made for all IM usage to cease and all IM software had to be removed from all machines in the company. Even though this was done, the attacks continued simply because the attackers had a path to our router mapped. The only thing we could do was to set an ACL (Access Control List) that blocks traffic coming from certain servers at the router level. Since I have put this in place, the attacks stopped and our bandwidth usage went down to its normal levels (about 5% on average).

Hope this helps.



Regards,

Haris




On Tuesday, 25, 2002, at 08:57AM, Juan Manuel Palacios <email@hidden> wrote:

Hello everybody. Does anyone have any idea what ports MSN Messenger
uses to communicate? My network users keep on using it outside leisure
hours so my employers came to the conclusion that its use needs to be
blocked, at least during work hours.

So my basic questions here are, apart from what port it uses, how
to achieve this with Mac OS X Server's built in firewall if the box is
only another host in the network? The network routes through a Cisco
router providing DSL connectivity and my MOSXS box is just a file
server, so I don't know how to make it filter the IP packets if the
other hosts are not routing through it. And also, how can I implement a
rule and take it down at separated time intervals? What I want is for my
network users to be able to chat at lunch time and after the work day is
over, but not during work time. So I need some kind of automatization on
an IP filtering rule that has to come down at a certain hour and then
back up. How could I achieve this?

Thank you very much. Sincerely,...


Juan.
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.




Haris Pobric
email@hidden