banning IRC 1

[Bencze]

Hello,
I am wondering how could I deny the IRC use from a certain network? I would prefere a solution using a cisco access-list, so I can do it from the router; if not, a windows-based solution is ok too (w/o using any special software; I have a domain with private IPs, I use connection sharing to give net access to the clients).

I have denied some ports from the router, but I'd have to update that almost daily; currently I have denied tcp ports 6000-8000 and 9000 but it seems people always finds some weird servers on another ports, or BNCs... I would like if I could somehow deny the protocol or something. If you do know a solution, an url or something, I'd appreciate it.
Thank you,
Endre.

 

[51m0n]

the ircd server can start on virtualy any port on the server, so a port blocking would not be useful. the irc protocol sits just on tcp/ip, so blocking that would block a huge lot of other things as well.
if you have the option, you could block the access to the net to some irc clients: mirc.exe, mirc32.exe, iirc, bitchx and so on. but again, this is not a real solution. --
regards,
Simon

 

[WheeDoggy]

Why not prevent users from installing applications on the workstations?

 

[Bencze]

Well I am not sure how to prevent that, as far as I know mirc for example doesn't need to be installed ... if they just extract it they can use it.
I use 2 workgroups and a domain with a total of aprox. 50-60 computers. A router acl-based solution would be the best as there I could filter all traffic. However, I am open to other suggestions too. )

 

[PcLinuxGuru]

You can block it... I blocked Yahoo, Kazaa and all those other proggies that port roam so it should work too.

Goto

http://www.sysinternals.com

and get pstools.

Create a batch script similar to:

@ ECHO OFF
:loop
REM All of the following is one line do NOT hit enter

for /F %%a in ('net view ^| find "\\" ') do pslist %%a | find "ypager" /I && pskill %%a ypager >> d:\shutdownlog.txt && psloggedon %%a >> d:\shutdownlog.txt && shutdown -r -t 60 -m "This computer has found that you are using Yahoo Instant Messenger. You have been reported and the computer will be rebooted. Your account will be suspended." -f %%a

Now what this script does is it basically will do a net view and get the computer names. Then it does a pslist (downloaded from sysinternals) and looks for the ypager process (Yahoo Instant Messenger). If it finds it then it kills the process and writes to the shutdownlog file. You can end it there if you want but I go a step further becasue I want to know who did it. So a psloggedon will be done on that computer and written to the log so I know know the users login name and the TIME (I do this to disute their excuses). You can end it their also but I work in a school and I am serious about installing this junk so I run pshutdown (I renamed the file to shutdown) on the machine with the message and a 60 second time delay.

Now you run the batch file and every now and then look at the shutdown log to see who you have snared. Now you have all the information you need and if you want you can goto the specific computer and pull up the ownership of the illegal software and print the screen. Take all that to their boss.

I work in a college environment with about 800 students and their accounts get disabled when they install software like this. Visit

http://www.pcbench.homelinux.net:81/

 

[PcLinuxGuru]

One other thing. If you have the $$$$ their is a packet scrubber called Packet Hound. It is hardware device that blocks the tarffic based on the type of TCP/IP. I haven;t tried it but heard it works.

You could also get a Linux proxy up and running with DNS then block ALL traffic going in and out except from the proxy.

-Bill Visit

http://www.pcbench.homelinux.net:81/

 

[Bencze]

The 'pstools' solution seems quite ok for me.
I will take a look at it.
Thanks for the suggestions, fellas.
Endre