Hi, thanks to both of you, Henrik and vda(?), for being so patient with me. ;)
[EMAIL PROTECTED] wrote:
- you can block other programs like icq. Only way of really blocking things like icq I can think of is by changing dns resolution for these hosts. simply done on the proxy server and not for the whole network.
Doable with iptables (block by port#)
Not that easy... You can configure icq to use nearly any port connecting to their login servers, and ICQ will try them all out for you... ;) So if you have any open port through your firewall chance is big that icq works.
What can you do against someone plugging into your intranet a preconfigured laptop which will NOT ask novell about anything before going direct?
That's right, sure. But we usually do not allow anyone or any ip address to go directly. In this case here we allowed this to test with and without proxy.
Ok, here is what we did so that we cannot reproduce the error anymore.
The images of our application are loaded by javascript and switched from visible to invisible and back again.
But there seemed to be a mistake so that every image was requested again and again by the browser though it should not.
Just the navigator part had about 50 imgaes loaded on every click.
We reduced this dramatically so that i cannot reproduce this behaviour
anymore. I know this does not exlain why i could DOS the server but it works now... Only explanation I have is traffic caused by the client was simply too high?!
Rainer
