We use Little Brother software. It runs on an NT server and can monitor
and/or filter traffic based on specific sites, categories of sites or by
netbios name on the workstation so if you don't want billybob listening to
music but the president cant live without it, you can get the job done.
We implemented it about three months ago and got back nearly half our
Internet bandwidth.
-d
""Kathy Miihalisko"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Very well put! Remember how, a few years ago, the Push technology had us
all
> screaming about bandwidth robbery. In our case the first albeit not only
> step was to update the company network policy to prohibit its use. But
with
> increased services and snoops on the Internet, things are even more
> complicated now. Just doing a simple -netstat on a PC reveals all kinds of
> mysterious activity. This morning I found an electronic bill-paying
service
> which I've never heard of opening a TCP connection to my machine. Freaked
me
> out.
>
> Chuck's right, there are good 3-party tools if your org. can afford them.
If
> not or in the interim, a freebie scanner will help you monitor and
associate
> port activity on your IP hosts, and your findings should be reflected in
> enforceable policy as well as your configs.
>
> (By the way, registered ports 2938--2942 and 2861 appear to be used by
> broadcast.com for radio/voice but there's also a mass of basic port 80
> activity and beaucoup remote hosts when you start their service. As Chuck
> noted, this is the way things are headed.) Sorry, this is getting
off-topic
> as well as depressing.
>
> Kathy "Katyusha" M.
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Chuck Larrieu
> Sent: Friday, January 05, 2001 1:03 PM
> To: beth shriver; [EMAIL PROTECTED]
> Subject: RE: blocking broadcast.com ip addresses
>
>
> Not to mention that many radio stations have their own services, and don't
> go through broadcast.com
>
> Not to mention that there are business based services that use
broadcast.com
> as well. You take the bad with the good, so to speak.
>
> I keep coming back to the issue of policy and policy enforcement. I don't
> believe it is possible to continue to rely upon manual configuration of
> access lists to enforce policy. If there is a severe issue, or a good
> business reason to limit internet access and usage, then I believe one
> should look into third party server based solutions such as web secure.
> There are other products as well, but for some reason web secure is the
only
> one I can remember.
>
> These products have created and maintain policy lists, making it easier to
> block pornography, brokerage, radio stations, just about anything you can
> imagine. They also allow you to add your own criteria, so that if you have
a
> researcher who truly does need to listen to the radio or monitor
> thestreet.com you can permit that one user to do so while blocking
everyone
> else. ( handy for currying favor with the boss, I suppose )
>
> What you are suggesting is essentially treating the symptom, and not the
> disease. In an ideal world, there would be a written acceptable use
policy,
> signed by management, and incorporated into the employee handbook. Then
the
> tech staff would initiate the appropriate fixes based upon that policy.
>
> Everyone should also be aware that app developers, both good and evil, are
> now beginning to use protocol tunneling as a means of evading corporate
site
> and port based policies. It won't be too long before everything comes
across
> as port 80 traffic, and your port filtering will be useless.
>
> Chuck
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Kathy Miihalisko
> Sent: Friday, January 05, 2001 9:34 AM
> To: Kelly D Griffin; beth shriver; [EMAIL PROTECTED]
> Subject: RE: blocking broadcast.com ip addresses
>
> P.S.--
>
> Bear in mind that IP addresses are subject to change--if you filter out by
> IP alone, you could be chasing them down again next week--not to mention
> that broadcast.com is not the only service of its kind out there. You
might
> find that nailing down the ports to block is more efficient.
>
> Kathy "Katyusha" M.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Kathy Miihalisko
> Sent: Friday, January 05, 2001 11:58 AM
> To: Kelly D Griffin; beth shriver; [EMAIL PROTECTED]
> Subject: RE: blocking broadcast.com ip addresses
>
>
> Beth,
>
> Put on your hacker hat and run a port scan first -- there are many free
ones
>
> for download -- try
>
> http://members.home.com/ultraj/
>
> or browse the Connectivity utilities @ www.davecentral.com for another
port
> scanner. Determine the ports used by this broadcast service and block them
> with an extended ACL.
>
> Kathy "Katyusha" M.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Kelly D Griffin
> Sent: Friday, January 05, 2001 9:09 AM
> To: beth shriver; [EMAIL PROTECTED]
> Subject: Re: blocking broadcast.com ip addresses
>
>
> The easiest way to block an ip address on your gateway router is to route
to
> null (i.e. ip route 192.168.1.1 255.255.255.255 Null). You can also
compile
> an access-list to block out a range of addresses (i.e. deny ip any
> 192.168.1.0 0.0.0.255).
>
> It is up to you to decide which method is the best. The ACL would be my
> preferred method. Easier to maintain than static route statements.
>
> Kelly D Griffin, CCNA
> Network Engineer
> Kg2 Network Design
> http://www.kg2.com
>
>
> ----- Original Message -----
> From: "beth shriver" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, January 05, 2001 7:33 AM
> Subject: blocking broadcast.com ip addresses
>
>
> > Can someone tell me how to block traffic from/to
> > broadcast.com ??? We have several people who like to
> > use their computer as a radio and its bogging us down!
> > Help,
> > Beth
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Photos - Share your holiday photos online!
> > http://photos.yahoo.com/
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> ____________________________________________
> http://1cis.com
> Free E-mail Servers with unlimited mailboxes
> 1st Class Internet Solutions
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
