RE: can Hopster traffic be blocked?

From: Charles Weidner (Accenture) (v-charlw_at_microsoft.com)
Date: 08/06/04

  • Next message: Prakash Purushotham: "Re: can Hopster traffic be blocked?" 
    Date: Thu, 5 Aug 2004 16:30:24 -0700

    If you have a policy in the company that the users should not be able to
    install unauthorized software on their machine why not just not allow
    admin access on the individual workstation. This should alleviate the
    problem whether or not the workstations in your company are linux or
    windows.

    --Charles Weidner

    -----Original Message-----
    From: Pablo Gietz [mailto:pablo.gietz@nuevobersa.com.ar]
    Sent: Thursday, August 05, 2004 8:03 AM
    To: Prakash Purushotham
    Cc: focus-linux@securityfocus.com
    Subject: Re: can Hopster traffic be blocked?

    Prakash Purushotham wrote:

    > Current setup:
    >
    > RH9 all patches current
    > iptables set to deny all direct traffic out except to a select few
    > squid with acls to allow only http(s)/ftp, more acls to allow access
    to
    > msn/yahoo.
    >
    > Problem:
    >
    > Some users have installed hopster and are able to connect to messenger
    > servers even if they are not listed under the "chat access" acls.
    >
    > The following site has some information on hopster and similar
    software.
    >
    http://www.hackingspirits.com/eth-hac/prf-of-conc/bypass-fw/PoF01/bypass
    -fw-sock.html
    >
    > I have tried in vain to block traffic using iptables. I tried INPUT
    > filter on traffic coming in from port 1863 (for example), under the
    > assumption that the messenger server has to reply to hopster requests.
    I
    > have tried blocking FORWARDs again, based on source port 1863 on the
    > external interface.
    >
    > My last resort (administrative) is to invoke the rule that no
    > unauthorized software be installed on the systems.
    >
    > Any suggestions on how I can block hopster (and other similar socks
    > based tunneling applications) from tunnelling out.
    >
    > .
    >
    I think limiting bandwith to 3KB or 4KB per connection may help to avoid

    some of the people to do big downloads of mp3 video ( because they would

    prefer to do at their homes for faster connection) saving almost the
    bandwith for bussines duty. 

    -- 
Pablo A. C. Gietz
  • Next message: Prakash Purushotham: "Re: can Hopster traffic be blocked?"

    Relevant Pages

    • Help in obtaining list of install software in VB6
      ... I'm developing a client/server application to monitor installed applications over the network and to uninstall any unauthorized software, illegal copies by users or application no longer in use. ... The server program will be written in VB6 and use in WinXP SP2, while the viewer side will be install in both WinXP SP2 and Win 2003 Server Standard Edition. ...
      (microsoft.public.vb.general.discussion)
    • Re: how to restrict users
      ... Steven L Umbach wrote: ... the installation of unauthorized software. ... I want it so the only way they can install something is by getting myself or the other person in charge to log in as the admins so something can be installed if need be. ... the capabilities of the Shared Computer Toolkit that is free from Microsoft and will run on both XP Pro and XP Home as long as service pack 2 is installed. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: how to restrict users
      ... The Shared Computer Toolkit should do what you want as far as restricting ... the installation of unauthorized software. ... In my opinion there is not a reliable way to restrict some users from ... I want it so the only way they can install ...
      (microsoft.public.windowsxp.security_admin)
    • How to find out which domain account installed software on shared machine
      ... install of XP. ... machine, but that's all, under Event Viewer -> System. ... users/ 1 Windows XP machine ... I have a list of what unauthorized software is present on ...
      (microsoft.public.win2000.security)
    • Re: How to configure Hopster for SNAT clients ?
      ... I don't know what ports that the ... how can I configure in my ISA server for this issue ... download, install, done. ... not only does hopster configure itself, it even knows how to configure MSN Messenger, Trillian, Yahoo and many others - so you don't need to. ...
      (microsoft.public.isa)