Re: can Hopster traffic be blocked?
From: Pablo Gietz (pablo.gietznuevobersa.com.ar)
Date: Thu Aug 05 2004 - 10:03:00 CDT
Prakash Purushotham wrote:
> Current setup:
> RH9 all patches current
> iptables set to deny all direct traffic out except to a select few
> squid with acls to allow only http(s)/ftp, more acls to allow access to
> Some users have installed hopster and are able to connect to messenger
> servers even if they are not listed under the "chat access" acls.
> The following site has some information on hopster and similar software.
> I have tried in vain to block traffic using iptables. I tried INPUT
> filter on traffic coming in from port 1863 (for example), under the
> assumption that the messenger server has to reply to hopster requests. I
> have tried blocking FORWARDs again, based on source port 1863 on the
> external interface.
> My last resort (administrative) is to invoke the rule that no
> unauthorized software be installed on the systems.
> Any suggestions on how I can block hopster (and other similar socks
> based tunneling applications) from tunnelling out.
I think limiting bandwidth to 3KB or 4KB per connection may help to keep
some of the people from doing big downloads of mp3 video (because they would
prefer to do at their homes for faster connection) saving almost the
bandwidth for business duty.
Pablo A. C. Gietz