Here are a few thoughts.

1. Create address objects and group your internal users into various objects. So have a few special groups and if you have a large quantity of users just put them in a default group.

2. Block DNS for all workstation users and make them use the firewall's DNS proxy. This will eliminate IM clients that try to look like DNS queries.

3. Create outbound rules that allow only specific services and web sites. Use the address objects with these rules. I know this is radical but if you have users who are abusing the system then clamp down on them. Turn logging on and get an idea of who's doing what.

4. The human policy control method. Create a written Internet access policy and make your users read it. Don't put any outbound filtering on them, but do turn on your logging. Then start checking your logs for the kind of traffic that is not allowed. Start picking those who violate the policy. Use the log information to show them they have violated the company Internet access policy. Make an example of them.

On Monday, November 3, 2003 at 12:58, Nick Holland wrote:
>Chris Green wrote:
>>
>> I'm looking for a standard set of rules/filters to enable for all of my
>> customers to help block all of these applications. Does anyone have a
>> methodology that has been effective to do this? Does anyone have a list of
>> IP addresses we can block access to that will help? Will a content
>> filtering subscription successfully block these, or only help prevent
>> download of the apps?
>
>Here's a method I use successfully:
> http://www.holland-consulting.net/tech/imblock.html
>
>Not sure if GB's DNS server can do that..however, the strategy could
>be used to pick out a set of IP addresses that can be used to squash
>most "problem" services, though if you go by IP over DNS name, you
>will have to stay on top of the list of IP addresses.
>
>
>There are some other strategies that can be used. I have heard
>(though not verified) that Kazaa has a preferred port. If you block
>that port, it will happily slip out another port...but if you RATE
>LIMIT that port to some absurdly low level (say, 10kbps), Kazaa will
>stick to that port, but be unable to move much data, and hopefully,
>the users will give up.
>
>This suggests an alternative solution: If one wishes to tackle this
>problem from an administrative rather than technical side, just log
>the default ports of these apps... When you get an alert that someone
>has sent data to the Kazaa default port, deal with the person (this is
>probably more effective in a slow economy than in a growing one, if
>you get my drift ;-). Not sure how many apps have this style of
>"default" port, vs. how many just use a random port, once I figured
>out my solution above, I haven't had reason to look closer...
>
>Nick.

--
Paul Emerson
Global Technology Associates, Inc.
Tel: +1.407.380.0220
http://www.gta.com/
Fax: +1.407.380.6080
Email: [EMAIL PROTECTED]
Mob: +1.407.617.7818
AIM: pje1gta
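As an added illustration of the log-review approaches in this thread (the "turn on logging and see who's doing what" step, the DNS-proxy-only rule, and Nick's idea of simply logging traffic to an application's default port), here is a small Python audit script. It is not part of the original post and is not GNAT Box code. It assumes a constructed, generic firewall log line format, an assumed DNS proxy address of 10.0.0.1, an assumed internal range of 10.0.0.0/8, and a placeholder watched port (12345) standing in for whatever default port a real application uses, since the thread names none.

```python
"""Egress-policy audit over firewall log lines (added example).

The log format below is constructed for this example; a real firewall's
log format will differ and the regex would need to be adapted.
"""
import ipaddress
import re
from collections import defaultdict

FIREWALL_DNS_PROXY = ipaddress.ip_address("10.0.0.1")   # assumed proxy address
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")        # assumed internal range
ALLOWED_OUTBOUND = {80: "http", 443: "https"}            # approved egress services
WATCHED_PORTS = {12345: "p2p-default-port-placeholder"}  # hypothetical port value

# Constructed log format: "<date> <time> <ACTION> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample log lines (documentation addresses only).
SAMPLE_LOG = """\
2003-11-03 12:58:01 ALLOW tcp 10.1.1.20:33412 -> 203.0.113.10:80
2003-11-03 12:58:02 ALLOW udp 10.1.1.20:53011 -> 10.0.0.1:53
2003-11-03 12:58:03 ALLOW udp 10.1.1.21:53012 -> 198.51.100.5:53
2003-11-03 12:58:04 ALLOW tcp 10.1.1.21:40100 -> 198.51.100.77:12345
2003-11-03 12:58:05 ALLOW tcp 10.1.1.22:40101 -> 203.0.113.10:443
2003-11-03 12:58:06 ALLOW tcp 10.1.1.22:40102 -> 203.0.113.40:6667
2003-11-03 12:58:07 DENY  tcp 10.1.1.23:40103 -> 203.0.113.40:6667
this line is not a log record and is skipped
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    rec["dport"] = int(rec["dport"])
    return rec


def classify(rec):
    """Return a violation label for one flow, or None if it complies with policy.

    Only flows the firewall actually passed (ALLOW) from internal hosts are
    judged; DENY lines were already stopped and need no follow-up.
    """
    if rec["action"] != "ALLOW" or rec["src"] not in INTERNAL_NET:
        return None
    # Policy: workstations resolve names only through the firewall's DNS proxy.
    if rec["dport"] == 53:
        return None if rec["dst"] == FIREWALL_DNS_PROXY else "dns-bypass"
    if rec["dst"] in INTERNAL_NET:
        return None  # internal-to-internal traffic is out of scope here
    if rec["dport"] in WATCHED_PORTS:
        return "watched-port:" + WATCHED_PORTS[rec["dport"]]
    if rec["dport"] not in ALLOWED_OUTBOUND:
        return "unapproved-service:%d/%s" % (rec["dport"], rec["proto"])
    return None


def audit(log_text):
    """Map each offending source IP to its list of (timestamp, label, dst) findings."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify(rec)
        if label:
            findings[str(rec["src"])].append((rec["ts"], label, str(rec["dst"])))
    return dict(findings)


def offenders_by_count(findings):
    """Sort sources by number of findings, most first, for the follow-up list."""
    return sorted(findings, key=lambda src: len(findings[src]), reverse=True)


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for src in offenders_by_count(result):
        for ts, label, dst in result[src]:
            print(ts, src, "->", dst, label)
```

Run as-is it reports 10.1.1.21 twice (external DNS, watched port) and 10.1.1.22 once (an unlisted service); 10.1.1.20 never appears because its flows comply, and the DENY line is ignored. The review list it produces is the input to the administrative step the thread describes: evidence from the logs, per source host, against a written policy.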
