need to monitor employee's usage, part ii

[theNEOone]

i had askd for some monitoring software previously on this board to monitory one of my employees, but now i'm just to the point where i'm going to block the sites. final step before <donald> YOU'RE FIRED</donald>

the IT guy gave me the password to our router at work so i can enbale filtering. i've blocked some websites and now i want to block the ports for MSN, Yahoo, and AOL messengers. anyone know what these ports are?


=|

 

[RbSX]

Originally posted by: theNEOone
i had askd for some monitoring software previously on this board to monitory one of my employees, but now i'm just to the point where i'm going to block the sites. final step before <donald> YOU'RE FIRED</donald>

the IT guy gave me the password to our router at work so i can enbale filtering. i've blocked some websites and now i want to block the ports for MSN, Yahoo, and AOL messengers. anyone know what these ports are?


=|

I doubt you're going to find alot of help here, considering it's the goal of most of these guys to undermine the blocking of websites at work

 

[TheITguy]

This should help

Click

 

[MercenaryForHire]

The only way you'll be able to shut down MSN is to pull the WAN plug. That persistant little SOB can tunnel out through TCP 80 masquerading as HTTP traffic. :|

Block the home servers for the chat programs.

- M4H

 

[dartworth]

are you @ work now?

 

[FoBoT]

block all and setup a proxy

 

[eakers]

watch out for webmessenger

 

[0roo0roo]

heh i think it was in the new pc magazine ways to get around any blocking. anonimizer sites ...most are pay though.

 

[0roo0roo]

http://www.steganos.com/?layou...t_sia5&amp;language=en

http://www.download.com/GhostS...0-2144_4-10313014.html

 

[desy]

Don't bother blocking
Give it to him in writing he is being monitored and if he goes to these sites, bingo he's gone.

If he screws around with a PC and you take that away, they will find other ways to make love to the canine.

 

[Rogue]

I have several ACLs in my firewall to block these and so far it's been pretty effective. I captured the addresses using our IDS system and systematically shut them down. It's by far not a comprehensive list by any stretch, but here it is:

access-list OUTBOUND_2 remark ***** DENY YAHOO INSTANT MESSENGER ******
access-list OUTBOUND_2 extended deny ip any host 66.163.172.116
access-list OUTBOUND_2 extended deny ip any host 66.163.172.117
access-list OUTBOUND_2 extended deny ip any host 68.142.231.252
access-list OUTBOUND_2 extended deny ip any host 200.62.146.126
access-list OUTBOUND_2 extended deny ip any host 200.68.102.61
access-list OUTBOUND_2 extended deny ip any host 209.18.39.33
access-list OUTBOUND_2 extended deny ip any host 209.18.39.54
access-list OUTBOUND_2 extended deny ip any host 216.109.116.119
access-list OUTBOUND_2 extended deny ip any host 216.109.116.191
access-list OUTBOUND_2 extended deny ip any host 216.155.193.78
access-list OUTBOUND_2 extended deny ip any host 216.155.193.172
access-list OUTBOUND_2 extended deny ip any host 216.155.193.204
access-list OUTBOUND_2 extended deny ip any host 216.155.193.205
access-list OUTBOUND_2 extended deny ip any host 216.155.193.230
access-list OUTBOUND_2 extended deny ip any host 216.155.194.191
access-list OUTBOUND_2 extended deny ip any host 216.155.194.210
access-list OUTBOUND_2 remark ***** DENY MSN INSTANT MESSENGER *****
access-list OUTBOUND_2 extended deny ip any host 207.46.110.29
access-list OUTBOUND_2 extended deny ip any host 207.46.110.5
access-list OUTBOUND_2 extended deny ip any host 207.46.104.20
access-list OUTBOUND_2 extended deny ip any host 207.46.110.36
access-list OUTBOUND_2 extended deny ip any host 207.46.110.20

 

[Rogue]

If you're running Cisco routers, you may also look at a function called NBAR. I'm not sure if there's a PDLM for IM applications, but there might be.

 

[theNEOone]

Originally posted by: Rogue
I have several ACLs in my firewall to block these and so far it's been pretty effective. I captured the addresses using our IDS system and systematically shut them down. It's by far not a comprehensive list by any stretch, but here it is:

access-list OUTBOUND_2 remark ***** DENY YAHOO INSTANT MESSENGER ******
access-list OUTBOUND_2 extended deny ip any host 66.163.172.116
access-list OUTBOUND_2 extended deny ip any host 66.163.172.117
access-list OUTBOUND_2 extended deny ip any host 68.142.231.252
access-list OUTBOUND_2 extended deny ip any host 200.62.146.126
access-list OUTBOUND_2 extended deny ip any host 200.68.102.61
access-list OUTBOUND_2 extended deny ip any host 209.18.39.33
access-list OUTBOUND_2 extended deny ip any host 209.18.39.54
access-list OUTBOUND_2 extended deny ip any host 216.109.116.119
access-list OUTBOUND_2 extended deny ip any host 216.109.116.191
access-list OUTBOUND_2 extended deny ip any host 216.155.193.78
access-list OUTBOUND_2 extended deny ip any host 216.155.193.172
access-list OUTBOUND_2 extended deny ip any host 216.155.193.204
access-list OUTBOUND_2 extended deny ip any host 216.155.193.205
access-list OUTBOUND_2 extended deny ip any host 216.155.193.230
access-list OUTBOUND_2 extended deny ip any host 216.155.194.191
access-list OUTBOUND_2 extended deny ip any host 216.155.194.210
access-list OUTBOUND_2 remark ***** DENY MSN INSTANT MESSENGER *****
access-list OUTBOUND_2 extended deny ip any host 207.46.110.29
access-list OUTBOUND_2 extended deny ip any host 207.46.110.5
access-list OUTBOUND_2 extended deny ip any host 207.46.104.20
access-list OUTBOUND_2 extended deny ip any host 207.46.110.36
access-list OUTBOUND_2 extended deny ip any host 207.46.110.20

is this part of a script? i have a pretty basic netgear router and i'm not sure if it'll accept anything like this. could we maybe put a script in our server?


=|

 

[bluehorizon]

Just tell him he's being monitored. If he continues to hit external sites, fire his unproductive ass.

 

[Ogg]

Originally posted by: bluehorizon
Just tell him he's being monitored. If he continues to hit external sites, fire his unproductive ass.

yeah then go ahead and fire hisself too :roll:

 

[acemcmac]

You could just ban his mac adress from using the internet.... is his job really internet dependant?