I agree that a management approach would be best. I know that _I_ would certainly want to involve management just to Cover My A__.
On the technical side, you might consider blocking http (or all) access to the offending sites themselves, provided there is no business need to access those particular sites. Michael O'Quinn On Thu, 27 Mar 2003, Chris Green wrote: > Those are workable answers, but I think the right answer is that this needs > a management solution more-so than a technology solution. You need to > demonstrate to management that it has an impact on the network and needs to > be stopped and let them make it a policy that it cannot be done. Then you > need only monitor for excessive use and you have room to take action. > Almost all apps that you would want to stop in a corporate environment are > extremely versatile and will run over almost any port. This makes it > necessary to take a management approach in many cases because they are > almost impossible to block without disrupting necessary traffic too. > > Chris Green > > > -----Original Message----- > From: Alex Howansky [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 27, 2003 3:29 PM > To: [EMAIL PROTECTED] > Subject: Re: [gb-users] streaming audio > > > please forgive me if i'm missing something simple but, is there a way to > > block streaming audio over port 80 when port 80 is allowed? we have a > > number of users eating up bandwidth with web radio. one or two are no big > > deal but a dozen or more begins to cut a chunk out of the total bandwidth. > > > > alternatively, a time limit per connection would be ok since most go on > for > > hours. > > 1) You ask them nicely to stop, reminding them that bandwidth is not free > and > their excessive use of it for non work-related purposes is no different than > making a lot of long distance personal telephone calls. > > 2) If they don't stop, you create an outbound filter to block all outgoing > traffic from their IP. > > 3) When they complain, you tell them they had their chance and blew it. > > 4) They will complain to their boss, who will complain to yours, who will > complain to you. > > 5) You show their boss some excerpts from your logfile that demonstrate how > much of their day they're wasing on the web, including the URLs for all the > porn and gambling sites they've been visiting. > > They'll never bother you again. > > :) > > Or if you prefer the no-fun version: > > There are probably only a handful of desination IPs that are being used. You > could scan your logs to find out what they are, and maintain a list of them > in > an address object. Then just block traffic to that object with an outbound > filter. > > -- > Alex Howansky > Wankwood Associates > http://www.wankwood.com/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archive of the last 1000 messages: > http://www.mail-archive.com/[EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archive of the last 1000 messages: > http://www.mail-archive.com/[EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[EMAIL PROTECTED]
