Changing the Blocked message on a netgear router

[ohif]

Is there anyway I could change the blocked message on my netgear router to say whatever I want it to? I have a coworker that isn't getting much done because he is constintly on yahoo IM. I want to block it but I don't want him to know I did it.

Thanks for your help.

 

[ericbrunson]

Can you configure it to DROP rather then DENY? Then no message should be issued.

 

[ohif]

Thanks for the reply.
All I can do is block by keyword or domain address. It shows 'Blocked by NETGEAR' . There has to be someway I could get in and change that isn't there?

 

[ericbrunson]

Not necessarily.

 

[JasonDeckard]

If blocking it at your netgear isn't an option, consider updating your co-worker's HOSTS file. By adding an entry to resolve the Yahoo! Messenger server to a non-existant address on your LAN, he'll get connection time-outs when he tries to reach the messenger server.

Before you mess around with someone else's computer, make sure you have the legal authority to do it. I'm assuming you're a system admin and the employee's system is company owned.

http://www.closedsocket.com/

 

[Serbtastic]

ohif, you say:
I want to block it but I don't want him to know I did it.

Why not?

If you are the sys admin, then there should be no problem letting him know that you've blocked it as per company policy.

 

[rn4it]

agreed, There should also be a company computer use policy that outlines what is acceptable. If not, then I'd confirm that you have that right to do so and not just the ability. It can cause a nasty politics storm in the company.

 

[Sympology]

If you are a sys admin and he is an employee, in most countries, you can block / deny ANY service and ANY program you want without legal worries.
The problems come when a) you take any action against the employee e.g a written warning or b) you stop / impeed the employee performing their jobs to the extent that they may wish to quit or be disciplined.
If you don't have a IT usage policy, then the MD /CIO is leaving themselves wide open to abuse and possible procecution.
As for blocking it, yup a host file pointing to 127.0.0.1 should do the trick.

Stu..

2 decades from retirement, 2 minutes from a breakdown

 

[bierhunter]

I agree that you don't want deny messages sent out. It causes unecessary traffic on the network. For every packet that is denied, more packets are sent back. That just increases bandwidth usage. Same thing for email servers blocking spam. Never send back a message. You can cause your own DOS.

Another reason to not let people know it's denied is that if someone gets a deny message, then they have another clue as to what they need to do to try and get around it. If they don't get a deny message, then they are still left guessing as to where the problem is. I never provide any hints about security configurations to people who are trying to get through.

I'm not familiar with the Netgear commands; but on the Cisco routers, I always have them configured to not send out 'administratively-prohibited" icmp messages. I want blocked packets to just disappear without notification to others.

BierHunter
CNE, MCSE, CCNP