Spyware Warrior

[YUGWEN]

Hello all, I need some help with World of Warcraft! The help I need is I am trying to configure our company firewall to block access to the WOW servers, forums, chat sites, etc. at our gateway to keep employees WORKING instead of wasting time... I have the IP address of the forums server, the ports that WOW uses, etc. but I am not sure I have them all, and I can't figure out where to put them in the firewall. I have successfully made a protocol to block the main WOW port, but the rest is over my head

I am hoping the offending employees will get the hint because they are capable of bypassing the changes I want to make. It will only help to have those ports and IPs blocked since there is no reason at all for our business to have them active anyway.

Thanks in advance!
_________________
Absorb what is useful

[ld]

What brand of firewall is this? This well let us know what it is capable of if we are familiar with it allow us to give some detail in how to configure it.

Instead of having an allow all policy and playing cat and mouse trying to block things people shouldn't use why not do the reverse. Decide what people do need like web surfing (tcp 80 and 443) and allow those and deny everything else. You need a firewall capable of this though. Then likely you need to let servers have full access and maybe an owner or few employees. What I do is give these people static IP's and have firewall rules that let those IPs have unrestricted access. This can be easily accomplished with a Linux or *BSD box with two NIC cards. If you take it to the next step and want to restrict websites then you just need to install and configure squid on the box. It is fairly easy to do with a PIX using object-groups too. I am sure some the other popular soho firewalls with the web interfaces can do it too but stuff like that is usually not so straightforward on those and can be tedious.

[Doug Taylor]

Hi YUGWEN,

Reverse engineering http://francessa0.tripod.com/id5.html might help. Blocking assess to TCP ports 3724, 6112, and 6881 thru 6999 might help also. I had to grant access to those ports for my son to play it.

With our Lord’s blessings take care,

Doug

[logicman_alf]

Hi!

Apart from firewall setup, I find that many people, even trained IT staff, have never heard of a hosts file.
Those who have, think of it as a means of speeding up web access.

That is why, if installed on all workstations as a matter of policy, it can be extremely effective to use a hosts file as a blacklist.

I would expect most Warriors to know this already, but for anyone passing through, and as an easily overlooked adjunct to a security policy, here's some info about hosts files:
http://www.mvps.org/winhelp2002/hosts.htm

By the way, that windows hosts file will work equally well with linux.

Just passing through.
Have a really great day!
Patrick.

[ld]