Not to discount the value of this advice, I think the best way to monitor
gaming is to control application installations at the workstation level
rather than try to catch them on the wire. You're almost chasing a ghost at
that point. Especially if gaming could (and probably is) going on between
PCs on your LAN. Try configuring your domain policies to prevent users from
installing apps without an IT guy around (this can be done easily on a MS
network if your users have 2K).

And it probably would be a good idea to make sure that your HR dept is aware
of the issue and that you have a clear written policy stating that gaming is
not allowed. I know this sounds somewhat irrelevant to the original
question (and to the IDS list), but written policies go a long way in
helping to enforce good practices later.

Brownfox

-----Original Message-----
From: Alex Arndt [mailto:aarndtrogers.com]
Sent: Thursday, January 03, 2002 7:27 PM
To: Mike Gilles; Richard.CTR.Mickeytc.faa.gov; Jamie French;
focus-idssecurityfocus.com
Subject: RE: how can I track networked games

[snip]

In any case, the best way to find those games is using either your
sniffers or monitoring your throughput on the outbound interface of
your border router. A sudden spike in high port UDP (especially around
lunch or at the beginning/end of the day) is a pretty good sign some
gaming is going on.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]