How do I block Kazaa, Yahoo, AIM, and programs that port roam?

by PcLinuxGuru
If you have been searching for a cheap, effective means of blocking this type of software, then here is your answer. I blocked Yahoo, Kazaa and all those other programs that port roam (such applications can change the port they use, so blocking specific static ports is of no use).

This will also work on programs like Wingate, for which there is no port to block because it routes traffic.

1) Go to www.sysinternals.com, then get and install PsTools on the server or machine that will be doing the scanning described below (it doesn't have to be a server).

2) Create a batch script similar to:

@ECHO OFF
:loop
REM All of the following is one line; do NOT hit enter.
REM The ^ escapes the pipe so that it runs inside the for /F command.

for /F %%a in ('net view ^| find "\\" ') do pslist %%a | find "ypager" /I && pskill %%a ypager >> d:\shutdownlog.txt && psloggedon %%a >> d:\shutdownlog.txt && shutdown -r -t 60 -m "This computer has found that you are using Yahoo Instant Messenger. You have been reported and the computer will be rebooted. Your account will be suspended." -f %%a
REM You can hit enter now
goto loop

3) For each program you're going to block, you need to add:

for /F %%a in ('net view ^| find "\\" ') do pslist %%a | find "process name" /I && pskill %%a process name >> d:\shutdownlog.txt && psloggedon %%a >> d:\shutdownlog.txt && shutdown -r -t 60 -m "Message you want offender to see." -f %%a

So if I was going to block Yahoo AND Kazaa then my script would look like:

@ECHO OFF
:loop
for /F %%a in ('net view ^| find "\\" ') do pslist %%a | find "ypager" /I && pskill %%a ypager >> d:\shutdownlog.txt && psloggedon %%a >> d:\shutdownlog.txt && shutdown -r -t 60 -m "This computer has found that you are using Yahoo Instant Messenger. You have been reported and the computer will be rebooted. Your account will be suspended." -f %%a

for /F %%a in ('net view ^| find "\\" ') do pslist %%a | find "kazaa" /I && pskill %%a kazaa >> d:\shutdownlog.txt && psloggedon %%a >> d:\shutdownlog.txt && shutdown -r -t 60 -m "This computer has found that you are using Kazaa. You have been reported and the computer will be rebooted. Your account will be suspended." -f %%a

goto loop

4) Run the batch script and have fun.

What this script does is run a net view to get the computer names. Then it does a pslist (downloaded from sysinternals) against each one and looks for the ypager process (Yahoo Instant Messenger). If it finds it, it kills the process and writes to the shutdownlog file. You can end it there if you want, but I go a step further because I want to know who did it. So a psloggedon is run against that computer and written to the log, so I know the user's login name and the TIME (I do this to dispute or support their excuses, for example if they were not there at the TIME of the offense). You can end it there also, but I work in a school and I am serious about installing this junk, so I run psshutdown (I renamed the file to shutdown) on the machine with the message and a 60 second time delay, which lets them know they have been busted and shuts down the machine.

Now you run the batch file and every now and then look at the shutdown log to see who you have snared. Now you have all the information you need, and if you want you can go to the specific computer and pull up the ownership of the illegal software and print the screen. Take all that to their boss.
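The two-program script above, generalised as an added example (this is not the FAQ author's script): one scan loop driven by a block list, a timestamp on every log entry, and a match against the Name column of the pslist output instead of a substring match on any line. It assumes the PsTools executables are on the PATH and calls psshutdown under its original name, so the Windows built-in shutdown.exe cannot be picked up by mistake; the temp file, the labels and the 60 second pause between passes are choices made for this example.

```batch
@ECHO OFF
REM Added example, not the FAQ author's script.
REM Assumes the PsTools executables are on the PATH under their original names.
SETLOCAL
SET LOG=d:\shutdownlog.txt
SET LIST=%TEMP%\pslist.tmp
REM Space-separated process names, as they appear in pslist's Name column.
SET BLOCKED=ypager kazaa

:loop
for /F %%a in ('net view ^| find "\\"') do call :scan %%a
REM Wait about 60 seconds between passes (ping is used as a portable delay).
ping -n 61 127.0.0.1 >NUL
goto loop

:scan
REM %1 = \\computer. Take one process listing per machine and reuse it.
pslist %1 > "%LIST%" 2>NUL
REM /B anchors the match at the start of the line (the Name column) and the
REM trailing space in the search string ends it there, so a block-list name
REM matches only that exact process name, not a longer name or other text.
for %%p in (%BLOCKED%) do findstr /I /B /C:"%%p " "%LIST%" >NUL && call :hit %1 %%p
goto :EOF

:hit
REM %1 = \\computer, %2 = process name. The timestamped entry is written
REM first, so the log has a record even if a later command fails.
>> "%LOG%" echo %DATE% %TIME% %1 %2
pskill %1 %2 >> "%LOG%"
psloggedon %1 >> "%LOG%"
psshutdown -r -t 60 -m "Message you want offender to see." -f %1
goto :EOF
```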

I work in a college environment with about 800 students and their accounts get disabled when they install software like this.

Now where did I put my CD for Quake :)

Please note that this has only been tested on server operating systems running Windows. This includes Windows XP, NT 4 w/sp6 and Windows 2000 Advanced Server. This is meant for networks, not single machines. The server scans all the workstations on the network.

Have fun!!!
Bill