This one should be what you are lookin for. Here is a URL which has NOC numbers as well. Mike F. Earthlink NOC http://puck.nether.net/netops/nocs.cgi Andy Brezinsky <andy@mbrez.com> wrote:
Hello,
Does anyone have a contact for the NOC or a dns admin of Road Runner (Wisconsin)? One of their dns servers are reporting bad data. Regards, ~Andy Brezinsky ByteHosting Internet Services
Does anybody know of any good software or way to restrict Internet gaming on a corporate Network?
What kind of games specifically? Like online Java games (Bejeweled)? Or games like Quake, Unreal, Tribes etc? The latter is much easier, just block all traffic to/from the default ports which use them. A quick google would yield what they use. I'll give you a quick hint and say Quake3 is 29760-5 or so and Tribes1/2 is 28000-28005 or so. - James -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Walter Gray Sent: Sunday, January 06, 2002 8:03 PM To: nanog@merit.edu Subject: Blocking Internet Gaming Does anybody know of any good software or way to restrict Internet gaming on a corporate Network?
On Sun, 6 Jan 2002, Walter Gray wrote:
Does anybody know of any good software or way to restrict Internet gaming on a corporate Network?
I'm unsure of details of your situation, but there are enough types of games and ways to access them that you will not be able to block them effectively. In a corporate environment, its really a management issue and the most effective way of dealing with it is to set a policy documenting the punishment of gaming at work and make it really not worth it. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
Problem with that is you can spec those ports pretty much at will. This came up on the focus-ids@securityfocus list last week. Policy is a good place to start. Make it obvious that your org does not approve of this type of thing. Then start looking at tcpdump output to find the ports/people, and go from there. toddler On Sun, 6 Jan 2002, James wrote:
What kind of games specifically?
Like online Java games (Bejeweled)? Or games like Quake, Unreal, Tribes etc?
The latter is much easier, just block all traffic to/from the default ports which use them. A quick google would yield what they use. I'll give you a quick hint and say Quake3 is 29760-5 or so and Tribes1/2 is 28000-28005 or so.
- James
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Walter Gray Sent: Sunday, January 06, 2002 8:03 PM To: nanog@merit.edu Subject: Blocking Internet Gaming
Does anybody know of any good software or way to restrict Internet gaming on a corporate Network?
They are specifiable on the server side. And most server operators run on default ports as it is easier to connect. But you are right. An organization policy of no games is better. You could maybe also see if a tool like esniff (not free) or tcpdump (free) would work to track people down. - James -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Todd Suiter Sent: Sunday, January 06, 2002 8:21 PM To: James Cc: 'Walter Gray'; nanog@merit.edu Subject: RE: Blocking Internet Gaming Problem with that is you can spec those ports pretty much at will. This came up on the focus-ids@securityfocus list last week. Policy is a good place to start. Make it obvious that your org does not approve of this type of thing. Then start looking at tcpdump output to find the ports/people, and go from there. toddler On Sun, 6 Jan 2002, James wrote:
What kind of games specifically?
Like online Java games (Bejeweled)? Or games like Quake, Unreal,
Tribes
etc?
The latter is much easier, just block all traffic to/from the default ports which use them. A quick google would yield what they use. I'll give you a quick hint and say Quake3 is 29760-5 or so and Tribes1/2 is 28000-28005 or so.
- James
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Walter Gray Sent: Sunday, January 06, 2002 8:03 PM To: nanog@merit.edu Subject: Blocking Internet Gaming
Does anybody know of any good software or way to restrict Internet gaming on a corporate Network?
I used to use a wonderful little tool called trafshow for identifying chatty streams/conversations. I haven't had to use it in a while, but it may still be worth looking at. Had a very nice interface, and accepted tcpdump-ish grammar for filtering iirc. -j On Sun, Jan 06, 2002 at 08:27:14PM -0500, James wrote:
From: "James" <james@james-web.net> To: "'Todd Suiter'" <todd@s4r.com> Cc: "'Walter Gray'" <wgray@wwns.net>, <nanog@merit.edu> Subject: RE: Blocking Internet Gaming Date: Sun, 6 Jan 2002 20:27:14 -0500 X-Mailer: Microsoft Outlook, Build 10.0.2616
They are specifiable on the server side. And most server operators run on default ports as it is easier to connect. But you are right. An organization policy of no games is better.
You could maybe also see if a tool like esniff (not free) or tcpdump (free) would work to track people down.
- James
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Todd Suiter Sent: Sunday, January 06, 2002 8:21 PM To: James Cc: 'Walter Gray'; nanog@merit.edu Subject: RE: Blocking Internet Gaming
Problem with that is you can spec those ports pretty much at will. This came up on the focus-ids@securityfocus list last week. Policy is a good place to start. Make it obvious that your org does not approve of this type of thing. Then start looking at tcpdump output to find the ports/people, and go from there.
toddler
On Sun, 6 Jan 2002, James wrote:
What kind of games specifically?
Like online Java games (Bejeweled)? Or games like Quake, Unreal,
Tribes
etc?
The latter is much easier, just block all traffic to/from the default ports which use them. A quick google would yield what they use. I'll give you a quick hint and say Quake3 is 29760-5 or so and Tribes1/2 is 28000-28005 or so.
- James
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Walter Gray Sent: Sunday, January 06, 2002 8:03 PM To: nanog@merit.edu Subject: Blocking Internet Gaming
Does anybody know of any good software or way to restrict Internet gaming on a corporate Network?
---end quoted text---
-- Jason Legate Sr. Net/Sys Admin, eVine, Inc. work- jlegate@evine.com | home- jlegate@alienchick.com Key Fingerprint: 4FB4 2228 DE63 3BBA 7B72 40DD 13D5 2547 821D 2909
On Sun, 6 Jan 2002, Todd Suiter wrote:
Problem with that is you can spec those ports pretty much at will. This came up on the focus-ids@securityfocus list last week. Policy is a good place to start. Make it obvious that your org does not approve of this type of thing. Then start looking at tcpdump output to find the ports/people, and go from there.
There was a similar discussion to this one back when I first joined NANOG - anyways - to repeat my comment from back then.. I work for a healthcare network - for obvious reasons, we don't allow incoming connections through our firewall. The interesting part is though, that we also only allow limited access _out_ through our firewall - mainly because back in the days when we first got the setup, $$$'s for internet access were scarce, and in order to keep the traffic at reasonable rates (not to saturate our connection), we had to limit traffic in some way. The basic setup is disallow all outbound connections, save ports 20-21, 23, 109/110, 80 (with restiction, explanation follows) and 443. The restrictions on port 80, is done using Checkpoint's HTTP Client Auth agent - which authenticates through LDAP into NDS (we also restrict what users are allowed outbound access - not everybody at a hospital needs internet access). This setup tends to stop most internet-based games ('cept http-based ones) - and allows for nice monitoring of the remaining (allowed traffic). (We log all traffic going through the firewall - And don't give me any grief about violation of privacy.. big deal.) -- Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli ------------------------------------------------------------------------------- http://www.the-infinite.org/ http://www.the-infinite.org/~dominic/
On Sun, 6 Jan 2002, Dominic J. Eidson wrote: [snip]
The basic setup is disallow all outbound connections, save ports 20-21, 23, 109/110, 80 (with restiction, explanation follows) and 443.
[snip] Since several people have commented on us not allowing SSH through by default, I'll re-quote my private reply: ".. if someone's clueful enough to use SSH, they're clueful enough to request we allow SSH through for them..." We do allow other outbound connections upon written request. -- Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli ------------------------------------------------------------------------------- http://www.the-infinite.org/ http://www.the-infinite.org/~dominic/
Does anybody know of any good software or way to restrict Internet gaming on a corporate Network?
I don't think that there is a good way, there are several options: a: Try and filter the ports completely you can nail 80% of gaming this way but there are risks you break other applications. [also if its a few folks on the same LAN playing quake, then you'll find it very difficult to stop]. b: Use some type of rate limiting on high ports to limit the bandwidth so that the games are unplayable. c: Restrict the ability to plug in computers or modify the desktop so they can't install games to play. and one that I heard I think on the list in the past: d: Try and find someone doing it and fire them. The hysteria around it will prevent anyone from even thinking about playing games. Ugly, but effective. e: Allow them to do it under controlled circumstances. After hours, at weekends etc. Regards, Neil. -- Neil J. McRae - Alive and Kicking neil@DOMINO.ORG
On Sun, 6 Jan 2002, Walter Gray wrote:
Does anybody know of any good software or way to restrict Internet gaming on a corporate Network?
We've had good luck here with the Packeteer packetshaper 6500. http://www.packeteer.com/products/packetshaper/index.cfm We use it mainly to control [not block] music download traffic. Dan Dan Schmiedt Network Services Clemson University DCIT WILLYS@clemson.edu (864)656-7556
In the immortal words of Walter Gray (wgray@wwns.net):
Does anybody know of any good software or way to restrict Internet gaming on a corporate Network?
Yes. A magic product called "Official HR Policy." You'd be amazed how quickly people get the message once someone is fired or docked vacation days for violation of company network usage guidelines. -n ------------------------------------------------------------<memory@blank.org> "Look, I don't know how they do things on your home planet, spaceman...but here in Mayberry, we just don't talk to gun-toting, redneck, amphetamine freaks that way." (--Red Meat, "Microwave Pet Carrier") <http://blank.org/memory/>----------------------------------------------------
participants (10)
-
Andy Walden
-
Dan Schmiedt
-
Dominic J. Eidson
-
James
-
Jason Legate
-
mikenoc@mindspring.com
-
Nathan J. Mehl
-
neil@DOMINO.ORG
-
Todd Suiter
-
wgray@wwns.net